2011/5/19 Dexter Morgan <[email protected]>: > 2011/5/18 Jérôme (saispo) Soyer <[email protected]>: >> On Mon, May 16, 2011 at 4:45 PM, Stew Benedict <[email protected]> wrote: >>> OK, >>> >>> Mageia 1 is approaching quickly and we need to get our process in place >>> for security updates. We talked a bit about it a few weeks ago, and I >>> started a wiki page, but it needs more detail. Anne and I chatted on IRC >>> and it looks like we'll want to cutoff the "on the iso " updates at the >>> end of this week, so we need a process in place to release post-iso updates. >>> >>> ref: http://mageia.org/wiki/doku.php?id=security >>> >>> As I see it, initially we need, in no particular order: >>> >>> 1) a means to build updates for the release (iurt setup for mga1?) >>> 2) a means to publish updates (mail list, web page) >>> 3) a means to manage/track the updates (bugzilla?) >>> 4) work out/publish the process so we all know how it works >>> >>> And then of course we need people to be aware of vulnerabilities as they >>> are exposed. For now, we'll have be be slightly trailing until we can >>> show a history of releasing updates and hopefully gain access to the >>> closed list to get access to embargoed issues. Once that happens we will >>> possibly need additional infrastructure changes to keep the work >>> non-public before the embargo date. >>> >>> osvdb has a nice email aggregator that sends all the distro update >>> announcements, and the oss-security list has many of the CVE requests. >>> Unfortunately, my personal time hasn't allowed much more than a quick >>> read as they go by :/ I know many of you have been doing security >>> related bug reports and updates, which is great, thank-you. If anyone >>> wants to take a larger role in managing the process I'm more than happy >>> to let that happen. While I have experience, the time I'm able to commit >>> is less than helpful. >>> >>> Comments, volunteers? >>> >>> >>> >>> -- >>> Stew Benedict >>> New Tazewell, TN >>> >>> >>> >> >> Ok for me to integrate the team, reporting CVE, fixing them quickly as >> i can, and enhancing security in the distro :) >> > > You can count me in. >
I guess you should use http://mageia.org/wiki/doku.php?id=security#members to register -- Anne http://www.mageia.org
