List:       fedora-devel-list
Subject:    Re: Making Fedora secure - Package exit policy for security
From:       Rex Dieter <rdieter () math ! unl ! edu>
Date:       2018-07-31 15:03:16
Message-ID: pjptji$ls5$1 () blaine ! gmane ! org
Huzaifa Sidhpurwala wrote:

> Hi All,
> 
> I was asked to bring this issue[1] to the developer community before
> FESCO makes a decision.
> 
> In several instances[2] there exist packages in Fedora in which
> package maintainers did not patch security issues, for multiple reasons
> including 1. non-responsive maintainer 2. issue hard to patch 3. no one
> cares?
> 
> This is a risk for the distribution, our users and community as a whole,
> and not to mention bad PR :)
> 
> I would like to propose the following:
> 
> 
> 1. If a CRITICAL or IMPORTANT security issue is open against a package
> in Fedora-X and by the time X is EOL the issue is not addressed,
> proactively remove the package from X+1
> 2. If a MODERATE or LOW security issue is open against a package in
> Fedora-X and by the time X+1 is EOL the issue is not addressed, remove
> it from X+2

I don't think this is practical; we'll lose half the distro (or at least 
large chunks).

Initially, such a proposal may be possible if generally limited to leaf 
packages.

-- Rex
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2PXSOOOPRNXIBHFUC2RHJFMVGDC6INZI/