On Fri, 2006-06-02 at 02:41 -0500, David Eisenstein wrote: > A more general question is this: How do we in Fedora Legacy track > vulnerabilities and make sure that we are aware of all the relevant > vulnerabilities for the packages that we maintain, and haven't missed > something? > > The fedora-security-list and Josh Bressers are using audit files to track > all relevant security vulnerabilities for their sets of packages, which > are kept in CVS here, > <http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/?root=fedora> > > but we here in Fedora Legacy haven't started using this kind of tool yet. > Is it time for us to start doing so? If so, are any of you interested in > forming some kind of vulnerability tracking team and getting started on > such list(s) for the products we maintain? It seems to me that whatever system used by the Fedora Security Team should be adopted by Fedora Legacy after discussion with the relevant contributors. Rahul -- Fedora-mentors-list mailing list Fedora-mentors-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-mentors-list