On Wed, 05 Sep 2018, Huzaifa Sidhpurwala wrote:
> Hi All,
>
> This is a gentle reminder for package maintainers to fix security bugs
> in the packages they maintain. A complete list of open security flaws
> against Fedora packages is available at:
>
> https://red.ht/2wJ8kLS
>
> Some documentation about this is also available at:
> https://fedoraproject.org/wiki/Security:HowtoSecurityBugs
>
> Remember, as per the new policy, packages which fail to fix security
> bugs will eventually be removed from the distribution.

There seems to be a set of bookkeeping issues with CVE bugzilla filings.
For example, for zziplib in F27 I closed yesterday a number of CVE
bugzillas that were not only fixed in February but also were out of
touch with the current package state across Fedora releases.

I see a bunch of bugs being opened without really reviewing the actual
state of software in Fedora. Claiming that something is unsupported and
has to be retired based on those bugs is then highly superficial.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland