
Re: Procedure for handling actively exploited security bugs with patches?



>>>>> "BO" == Bryan O'Sullivan <bos serpentine com> writes:

BO> If a package maintainer doesn't turn a security fix around
BO> quickly, is it reasonable (albeit a bit less than totally polite)
BO> to step in and do the update oneself, assuming the ACLs permit it?

Well, we're all supposed to be helping each other here.  Make sure
things get in bugzilla and are marked as security so the security team
sees it, and if you have a patch and you have access then I can't see
why you wouldn't at least commit it and do a scratch build.  And after
testing, if there's no response from the maintainer and the issue is
actually being exploited then I don't see why you wouldn't push or ask
the security team to push.

 - J<

