Fedora and External Product Vulnerabilities (Bugzilla #185499, RHSA-2006-0268 (Macromedia Flash))
Karsten Wade
kwade at redhat.com
Tue Apr 4 04:46:30 UTC 2006
On Sat, 2006-04-01 at 23:55 -0600, Robert 'Bob' Jensen wrote:
> Is there a current web space that users can look for security issues
> that may apply to them? If not is this something that should be created
> and maintained by the community at large? If it does how can we promote
> this resource so users are aware can do research and can make wise
> choices?
Well, we get many security announcements to f-announce-l. It seems like
an extra burden for us to track down and highlight security risks for
applications not in Core or Extras; hard to know where to draw the line,
and people are always going to think we drew it too far or not far
enough.
It might be cool if we could get security announcements to all magically
appear on a page ... or in a searchable database ... and that would
cover us for everything in Core and Extras thoroughly. We could link to
external lists of non-FC/FE vulnerabilities for packages in third-party
repos.
FedoraNews.org and other news/planet sites might be a good place to draw
attention to a vulnerability that is outside of the normal FC/FE-sphere
but many users may have installed. For example, if there were a
vulnerability in XMMS's MP3 plug-in, we would be remiss if no one
announced it because it has the evil MP3 word in it.
- Karsten
--
Karsten Wade, RHCE * Sr. Editor * http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41
Fedora Documentation Project http://fedoraproject.org/wiki/DocsProject
Learn. Network. Experience open source.
Red Hat Summit Nashville | May 30 - June 2, 2006
Learn more: http://www.redhat.com/promo/summit/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-security-list/attachments/20060403/ea806f4f/attachment.sig>
More information about the Fedora-security-list
mailing list