Roozbeh Pournader wrote:
I was wondering where the policies for security-related problems in Extras are mentioned. Currently, it seems that there are a few security bugs open for a while, with some of them (at least #169220, #169791, and #170045) needing attention. Also, one of the bugs (#175260) is private to Fedora Contributors only. Should this be followed for all such bugs?
roozbeh
Yes, not pretty. I suggested some time ago to form a FE security team and volunteered for this. The offer still stands.
169791 looks easy to fix, as it's fixed in upstream CVS. I could extract the relevant part out of their CVS and attach a patch to BZ; also, there are many newer upstream versions available which might contain the fix. This bug is an excellent example of why we need a security policy and a couple of people doing security work.
Regards, Hans