Re: Security release criterion proposal

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



----- Original Message -----
> 
> I say, local privilege escalations with publicly available exploits, and
> remotely triggerable vulnerabilities. If such an issue is known before
> Final, we should attempt to address it before releasing.
> 

I think it makes sense to address these prior to a release (on a case by
case basis), but I think we're missing the real point here.

We don't re-spin install media in Fedora, that means that if a remote root
hole is found 2 days after release, what do we do? (the current answer is
nothing). Perhaps the correct answer is to have firstboot update the system
for a user (do it in the background so they can still login do things). If
firstboot can't update the system, it's likely there is no Internet
connection anyway.

-- 
    JB
-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux