2011/5/18 Jérôme (saispo) Soyer <sai...@gmail.com>: > On Mon, May 16, 2011 at 4:45 PM, Stew Benedict <stewbi...@gmail.com> wrote: >> OK, >> >> Mageia 1 is approaching quickly and we need to get our process in place >> for security updates. We talked a bit about it a few weeks ago, and I >> started a wiki page, but it needs more detail. Anne and I chatted on IRC >> and it looks like we'll want to cutoff the "on the iso " updates at the >> end of this week, so we need a process in place to release post-iso updates. >> >> ref: http://mageia.org/wiki/doku.php?id=security >> >> As I see it, initially we need, in no particular order: >> >> 1) a means to build updates for the release (iurt setup for mga1?) >> 2) a means to publish updates (mail list, web page) >> 3) a means to manage/track the updates (bugzilla?) >> 4) work out/publish the process so we all know how it works >> >> And then of course we need people to be aware of vulnerabilities as they >> are exposed. For now, we'll have be be slightly trailing until we can >> show a history of releasing updates and hopefully gain access to the >> closed list to get access to embargoed issues. Once that happens we will >> possibly need additional infrastructure changes to keep the work >> non-public before the embargo date. >> >> osvdb has a nice email aggregator that sends all the distro update >> announcements, and the oss-security list has many of the CVE requests. >> Unfortunately, my personal time hasn't allowed much more than a quick >> read as they go by :/ I know many of you have been doing security >> related bug reports and updates, which is great, thank-you. If anyone >> wants to take a larger role in managing the process I'm more than happy >> to let that happen. While I have experience, the time I'm able to commit >> is less than helpful. >> >> Comments, volunteers? >> >> >> >> -- >> Stew Benedict >> New Tazewell, TN >> >> >> > > Ok for me to integrate the team, reporting CVE, fixing them quickly as > i can, and enhancing security in the distro :) >
You can count me in.
