[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Legacy] Mentoring for vulnerability bug tracking -- kernel, and general

From: Rahul Sundaram <sundaram fedoraproject org>
To: David Eisenstein <deisenst gtw net>
Cc: fedora-legacy-list redhat com, fedora-security-list redhat com, fedora-mentors-list redhat com
Subject: Re: [Legacy] Mentoring for vulnerability bug tracking -- kernel, and general
Date: Fri, 02 Jun 2006 16:50:58 +0530

On Fri, 2006-06-02 at 02:41 -0500, David Eisenstein wrote:

> A more general question is this:  How do we in Fedora Legacy track 
> vulnerabilities and make sure that we are aware of all the relevant 
> vulnerabilities for the packages that we maintain, and haven't missed 
> something?
> 
> The fedora-security-list and Josh Bressers are using audit files to track 
> all relevant security vulnerabilities for their sets of packages, which 
> are kept in CVS here,
>   <http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/?root=fedora>
> 
> but we here in Fedora Legacy haven't started using this kind of tool yet.
> Is it time for us to start doing so?  If so, are any of you interested in
> forming some kind of vulnerability tracking team and getting started on
> such list(s) for the products we maintain?

It seems to me that whatever system used by the Fedora Security Team
should be adopted by Fedora Legacy after discussion with the relevant
contributors.

Rahul

References:
- [Legacy] Mentoring for vulnerability bug tracking -- kernel, and general
  - From: David Eisenstein

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]