Fedora 7 and the Security Response Team

[Mark J Cox]

> - Only security bugs with CVE's are tracked? What if we spot something
> that has no CVE?

If it's something that is already public (for example some description of 
the flaw exists outside of bugzilla and it's obvious it's a security 
issue) then we can alert Mitre and they'll assign a name within a day or 
two.

If it's something that's not particularly public (for example someone 
reports an issue but not obvious it has security consequences) then I am a 
Candidate Naming Authority for CVE and can allocate a name to Fedora.

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team