[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora security updates to full disclosure ?

On Sat, Nov 07, 2009 at 02:44:18PM +0100, Jerome Benoit wrote:
> Hello,
> Like all major Linux distro, I really think Fedora should push security
> updates information to full disclosure mailing list ...

As someone who has spent years spamming Bugtraq & full-disclosure with
Gentoo security advisories, I was initially in favor of sending Fedora
security notices there.  However, in their current state, I don't think
that they are useful to many.

We have a hard enough time getting package maintainers to enter
*anything* about their updates, let alone security-related details such
as severity, impact, workarounds, resolution, etc.  I think that if we
were to do a better job of encouraging/facilitating this, /then/ I would
be in favor of spamming other lists.

With the Bodhi v2.0 rewrite that I'm currently working on, I'm going to
be adding more security tracking features into the core of the platform.
I'm hoping to make it not only easier to track security issues, but also
announce them in a way that is useful to others.  If you're interested
in helping to improve our security tracking/update process, we could use
the help.


Attachment: pgphzQnEcrL2P.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]