The Debian/Ubuntu SSL bug
- From: Greg DeKoenigsberg <gdk redhat com>
- To: fedora-advisory-board redhat com
- Cc: Mark Cox <mjc redhat com>
- Subject: The Debian/Ubuntu SSL bug
- Date: Tue, 13 May 2008 14:45:29 -0400 (EDT)
So I've been having a conversation with Mark Cox about the Debian/Ubuntu
SSL bug. This is basically a horror story of what can go wrong when
packagers don't maintain close relationships with upstream. I asked Mark,
"what security policies do we have in place to keep this from happening in
Fedora-land?" And his response was, "I don't know, what security policies
do we have in place to keep this from happening in Fedora-land?"

We know that RHEL is secure and stable, and we *do* have safeguards in
place to prevent this from happening in RHEL-land. But a mistake like
this in Fedora-land would be every bit as bad for the Red Hat and Fedora
brands.

Are there any steps we can take to protect ourselves from this kind of
mistake -- in which a packager does something dumb to the package and no
one notices it?
--g
--
Greg DeKoenigsberg
Community Development Manager
Red Hat, Inc. :: 1-919-754-4255
"To whomsoever much hath been given...
...from him much shall be asked"