
Extras Security Policy



Hi,

I've just read an article on how most distros are doing when it comes to (timely) releasing security updates on lwn.net (this week's security page, subscribers only).

One of the things discussed in this article is that add-on repositories usually lack a clear security policy.

One example given is that clamav, an open source virus scanner in Extras, has a real exploitable security flaw, for which upstream has released a fix I assume, but which is still exploitable in the Extras version.

It is in no way my intention to single out clamav, this is just an example.

So I would like to start a discussion about an Extras security policy, and about adding security-related checks to the review process.

Please reply with your ideas/opinions.

Regards,

Hans

