Fedora 7 and the Security Response Team
Ville Skyttä
ville.skytta at iki.fi
Sun Jun 10 10:31:30 UTC 2007
On Tuesday 03 April 2007, Josh Bressers wrote:
> As everybody is no doubt aware, Fedora 7 is bringing a number of changes,
> one of which will be putting the burden of security on the Fedora Security
> Response Team. Right now it's basically the Red Hat Security Response Team
> working on Core, and not much of anything happening for Extras. This is
> going to change.
Any updates on this? It looks to me as if things have changed for worse.
I haven't seen any other activity in CVS than my own updates to the fe* files.
There's no merged f7 audit file, and nobody appears to be keeping fc* up to
date either, and security related Bugzilla entries besides the ones I've
filed (if there are any others, dunno) do not seem to be Cc'd to this list.
As of now, I'm suspending my efforts to routinely track CVE's and other
sources until the situation becomes clearer. With the number of people even
reporting issues and keeping CVS up to date (*one* commit in 2007 to fe* by
someone besides me, in February, and none in fc* by anyone since May) being
close to zero, and being the only one who does that not being what I "signed
up" for, I don't think it would be responsible behaviour from me to keep
doing it in the current circumstances. Full, timely coverage is simply way
too much work, and casually doing it might give a false impression to users
and maintainers that things would be properly tracked.
More information about the Fedora-security-list
mailing list