Hello,
2017-04-18 21:36 GMT+02:00 David Eisenstein <deisenst...@att.net>:
> Digging around, I am not seeing much presence for security? The
> mailling-list archive shows no activity on
> thesecurity-t...@lists.fedoraproject.org mailing list at all since last
> October? And no team meetings?
>
> Sounds about right; security-relevant discussions, if any, happen on the
global fedora-devel list, but there is not an all-encompassing Fedora
security group with regular meetings to my knowledge.
> Just who/how are security vulnerabilities handled in Fedora now?
>
> By the individual package maintainers; I think this was always their
primary responsibility. Red Hat’s security team may Fedora bugs for
vulnerabilities they are tracking (this is certainly happening for some
packages), I don’t know whether there is any formal commitment, and I would
not expect this tracking to be done for the whole universe of Fedora
packagers.
Either way, developing and publishing the fix is the responsibility of the
individual package maintainers.
Mirek
_______________________________________________
security mailing list -- security@lists.fedoraproject.org
To unsubscribe send an email to security-le...@lists.fedoraproject.org
