Giovanni Tirloni wrote:
> I did a quick search trying to find how to report security issues to the
> OpenSolaris community and I couldn't find much. Is there anything that
> I'm missing ?
There is no community mechanism set up for this - it's all been handled by
reporting them to Sun's security team.
> Also, any commits to the source repository that fix security issues
> would have to be communicated fully. Today just buy following
> onnv-gate-notify it's hard to tell what's a security fix and what's not.
> Is there a way to scan for security fixes ?
Security bug reports contain the 'security' keyword. Unfortunately,
that keyword prevents Sun's old internal bug database from allowing
anyone outside of Sun to see the bug report at all.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
