
Re: Procedure for handling actively exploited security bugs with patches?



>>>>> "SG" == Steve Grubb <sgrubb redhat com> writes:

SG> Security patches need careful but timely review. I recommend that
SG> the security team coordinate the repair and no one apply
SG> unreviewed patches just because you have access.

Oh, of course we can't trust the community here.  What was I thinking?
The security team, who in most cases doesn't even use the software in
question, is in a far better position to evaluate and test fixes than
someone who is actively interested in and familiar with the software.

 - J<

