Re: [fedora-india] [Report] FAD - 1 Nov 2014 - theme security

[Rahul Sundaram]

Hi

On Sun, Nov 9, 2014 at 11:28 AM, P J P  wrote:


   -
 https://pjps.wordpress.com/2014/11/09/report-fad-1-nov-2014-theme-security/



One quick suggestion:  If maintainer does not respond to security bugs,
other than just sending reminders, there are atleast two other ways to
handle this depending on how severe or how prolonged the problem is.

1) Use provenpackager rights to fix it.  If you are not one already and are
active in Fedora, apply to be one.  Security triaging is a good enough
reason to do that

https://fedoraproject.org/wiki/Provenpackager_policy

2) Follow non responsive maintainer policy

https://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers

Rahul
___
india mailing list
india@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/india

Re: [fedora-india] [Report] FAD - 1 Nov 2014 - theme security

[P J P]

   Hello Rahul, how are things?

On Wednesday, 12 November 2014 9:50 AM, Rahul Sundaram wrote:
One quick suggestion:  If maintainer does not respond to security bugs,
other than just sending reminders, there are atleast two other ways to
handle this depending on how severe or how prolonged the problem is.

1) Use provenpackager rights to fix it.  If you are not one already and
are active in Fedora, apply to be one.  Security triaging is a good enough
reason to do that
https://fedoraproject.org/wiki/Provenpackager_policy

  Oh, great! Request filed.

2) Follow non responsive maintainer policy
https://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers 


  Yes, we've been discussing about this and package retirement policy and how 
we could exercise it.

Thanks so much for the great suggestions. Thank you. :)---
Regards
   -Prasad
http://feedmug.com
___
india mailing list
india@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/india