Fedora and External Product Vulnerabilities (Bugzilla #185499, RHSA-2006-0268 (Macromedia Flash))

[Robert 'Bob' Jensen]

On Sat, 2006-04-01 at 21:40 +0200, Thorsten Leemhuis wrote:
> Am Sonntag, den 02.04.2006, 00:57 +0530 schrieb Rahul Sundaram:
> > 
> > You are certainly allowed as a individual to post such warnings to the
> > list. Just make it explicit that you are posting not on behalf of the
> > project when it is controversial. Warren Togami for example made a
> > announcement on the arrangement he had with Macromedia for a flash
> > repository.
> 
> That's would be my opinion, too.
> 
> Cu
> thl

I feel that we have a responsibility to inform our users when security
is an issue even for items we do not provide that we are sure that a
majority of our end users in that segment might have the item installed.
I feel that flash would apply to the desktop segment of our target
markets. 

As for where these messages and how they are distributed is a bigger
question. I feel they should be visible enough that the effected users
will see the messages. Would posting a message about flash be right to a
list of server administrators? I do not think so. 

Is there a current web space that users can look for security issues
that may apply to them? If not is this something that should be created
and maintained by the community at large? If it does how can we promote
this resource so users are aware can do research and can make wise
choices?

-- 
Robert 'Bob' Jensen <bob at bobjensen.com>
Fedora Unity Project
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-security-list/attachments/20060401/82adb485/attachment.sig>