The Debian/Ubuntu SSL bug

Greg DeKoenigsberg gdk at redhat.com
Tue May 13 18:45:29 UTC 2008


So I've been having a conversation with Mark Cox about the Debian/Ubuntu 
SSL bug.  This is basically a horror story of what can go wrong when 
packagers don't maintain close relationships with upstream.  I asked Mark, 
"what security policies do we have in place to keep this from happening in 
Fedora-land?"  And his response was, "I don't know, what security policies 
do we have in place to keep this from happening in Fedora-land?"

We know that RHEL is secure and stable, and we *do* have safeguards in 
place to prevent this from happening in RHEL-land.  But a mistake like 
this in Fedora-land would be every bit as bad for the Red Hat and Fedora 
brands.

Are there any steps we can take to protect ourselves from this kind of 
mistake -- in which a packager does something dumb to the package and no 
one notices it?

--g

-- 
Greg DeKoenigsberg
Community Development Manager
Red Hat, Inc. :: 1-919-754-4255
"To whomsoever much hath been given...
...from him much shall be asked"
