On Wed, Apr 26, 2006 at 08:50:18PM +0200, jdd wrote:
> Marcus Meissner wrote:
>
> > My slides are here:
> > http://files.opensuse.org/opensuse/en/a/a1/FOSDEM_security_process.pdf
>
> I wish I could attend :-(
>
> do you mean that you work in parallel with the original
> developers of the application? for example if a
> vulnerability is seen in Apache, I guess the Apache team warns
> all the pro clients, not to do the same work twice.
>
> this is maybe what is lacking in your slides: what is the part
> SUSE/Novell have in the external teams. Do you have a Novell
> member in the Apache team (for example), at least
> time-sharing? is such work frequent? rare? case by case?

Yes, for instance:
Peter Poeml is active at Apache, Lars Mueller is active in Samba,
Wolfgang Rosenauer at Mozilla, lots of kernel developers are active
at the kernel, etc.

> I've seen very different numbers as to the number of
> SUSE/Novell employees working on Linux (SUSE and pro), from
> 100 to 1000 :-)

I can't really say exactly.

> What is the real approx number, and of this number what is
> the part that does security fixes?

Total distribution development (people submitting code) is around 100,
I guess. If you add Novell there are more.

> Its mean. If all the people work together, all fixes are
> released approx at the same time (You, Apache, Red Hat,
> Debian....).
> If SUSE works mainly on its side, maybe it's first, maybe
> it's late?

We _always_ work with the other vendors and the community.

It's just that our internal processes do more than just pushing out
new built RPMs.

> I'll try to summarise all this on a page :-)

I have created http://en.opensuse.org/Security_Incident_Handling right now,
which summarizes stuff.

Ciao, Marcus
