Re: Fedora Security Team

2020-11-04 Thread Björn Persson
Stephen Gallagher wrote: > Generally, whenever Node.js issues a security release, they do so for > multiple issues simultaneously. When Product Security then goes and creates > Bugzilla tickets, they create many (sometimes up to five bugs per CVE). It > becomes nearly impossible to keep up with

Re: Fedora Security Team

2020-11-04 Thread Justin Forbes
her" > To: "Development discussions related to Fedora" > > Sent: Wednesday, November 4, 2020 8:31:32 PM > Subject: Re: Fedora Security Team > > > > On Tue, Nov 3, 2020 at 11:39 AM Marek Marczykowski-Górecki < > marma...@invisiblethingslab.com > wro

Re: Fedora Security Team

2020-11-04 Thread Huzaifa Sidhpurwala
with SecurityTracking whiteboard if you can't find otherwise. Let me know if you need help in tracking your Fedora security bugs :) - Original Message - From: "Stephen Gallagher" To: "Development discussions related to Fedora" Sent: Wednesday, November 4, 2020 8:31:32 PM Subject:

Re: Fedora Security Team

2020-11-04 Thread Stephen Gallagher
On Tue, Nov 3, 2020 at 11:39 AM Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > On Tue, Nov 03, 2020 at 10:02:24AM +, P J P wrote: > > * Right, Fedora package CVEs and relevant bugs are filed by Red Hat > Product security team. > > > > * CVEs/bugs are fixed in the

Re: Fedora Security Team

2020-11-04 Thread Dominik 'Rathann' Mierzejewski
On Tuesday, 03 November 2020 at 17:36, Marek Marczykowski-Górecki wrote: [...] > But by looking at few random items there, it seems the fix is > available in a subsequent upstream release and what is missing is just > bumping the package version in Fedora. "Just bumping" may not always be

Re: Fedora Security Team

2020-11-04 Thread Petr Pisar
On Tue, Nov 03, 2020 at 05:47:28PM +0100, Dominique Martinet wrote: > Marek Marczykowski-Górecki wrote on Tue, Nov 03, 2020: > > Do you know if some parts of the above already exist? I know Debian has > > automatic checks for latest upstream versions, but I haven't seen it in > > Fedora. > >

Re: Fedora Security Team

2020-11-03 Thread Dominique Martinet
Marek Marczykowski-Górecki wrote on Tue, Nov 03, 2020: > Do you know if some parts of the above already exist? I know Debian has > automatic checks for latest upstream versions, but I haven't seen it in > Fedora. Fedora has "Upstream Release Monitoring"

Re: Fedora Security Team

2020-11-03 Thread Marek Marczykowski-Górecki
On Tue, Nov 03, 2020 at 10:02:24AM +, P J P wrote: > * Right, Fedora package CVEs and relevant bugs are filed by Red Hat Product > security team. > > * CVEs/bugs are fixed in the upstream sources first. Fedora package > maintainers do rebuild >   of the package with released fixes. I see

Re: Fedora Security Team

2020-11-03 Thread P J P
s and relevant bugs are filed by Red Hat Product security team. * CVEs/bugs are fixed in the upstream sources first. Fedora package maintainers do rebuild   of the package with released fixes. * Often, Fedora package maintainer is also an upstream developer/maintainer.   It helps to fix issues

Re: Fedora Security Team

2020-11-02 Thread Michael Catanzaro
On Tue, Nov 3, 2020 at 12:53 am, Marek Marczykowski-Górecki wrote: How are in practice security issues handled in Fedora? Is there an active security team to help patching those in timely manner? Or is it responsibility of individual package maintainers only? Hi, Red Hat Product Security is

Fedora Security Team

2020-11-02 Thread Marek Marczykowski-Górecki
Hello all, How are in practice security issues handled in Fedora? Is there an active security team to help patching those in timely manner? Or is it responsibility of individual package maintainers only? I've tried to find some information on that, but the only thing I've found is this page:

Fedora Security Team

2014-07-30 Thread Eric H. Christensen
. [0] https://fedoraproject.org/wiki/Security_Team [1] https://lists.fedoraproject.org/mailman/listinfo/security-team [2] #fedora-security-team on irc.freenode.net - -- Eric - -- Eric Sparks Christensen Fedora Project spa...@fedoraproject.org - spa