Fedora security updates to full disclosure?

Luke Macken lmacken at redhat.com
Sat Nov 7 19:20:59 UTC 2009


On Sat, Nov 07, 2009 at 02:44:18PM +0100, Jerome Benoit wrote:
> Hello,
> 
> Like all major Linux distros, I really think Fedora should push security
> updates information to full disclosure mailing list ...

As someone who has spent years spamming Bugtraq & full-disclosure with
Gentoo security advisories, I was initially in favor of sending Fedora
security notices there.  However, in their current state, I don't think
that they are useful to many.

We have a hard enough time getting package maintainers to enter
*anything* about their updates, let alone security-related details such
as severity, impact, workarounds, resolution, etc.  I think that if we
were to do a better job of encouraging/facilitating this, /then/ I would
be in favor of spamming other lists.

With the Bodhi v2.0 rewrite that I'm currently working on, I'm going to
be adding more security tracking features into the core of the platform.
I'm hoping to make it not only easier to track security issues, but also
announce them in a way that is useful to others.  If you're interested
in helping to improve our security tracking/update process, we could use
the help.

luke


More information about the fedora-devel-list mailing list