[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

The Debian/Ubuntu SSL bug




So I've been having a conversation with Mark Cox about the Debian/Ubuntu SSL bug. This is basically a horror story of what can go wrong when packagers don't maintain close relationships with upstream. I asked Mark, "what security policies do we have in place to keep this from happening in Fedora-land?" And his response was, "I don't know, what security policies do we have in place to keep this from happening in Fedora-land?"

We know that RHEL is secure and stable, and we *do* have safeguards in place to prevent this from happening in RHEL-land. But a mistake like this in Fedora-land would be every bit as bad for the Red Hat and Fedora brands.

Are there any steps we can take to protect ourselves from this kind of mistake -- in which a packager does something dumb to the package and no one notices it?

--g

--
Greg DeKoenigsberg
Community Development Manager
Red Hat, Inc. :: 1-919-754-4255
"To whomsoever much hath been given...
...from him much shall be asked"


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]