[Mageia-dev] Meeting for secteam start

nicolas vigier boklm at mars-attacks.org
Sat Apr 16 22:04:40 CEST 2011

On Sat, 16 Apr 2011, Michael Scherer wrote:

>> Old Process:
>> * monitor vendor-sec, discuss vulns, patches, negotiate release schedule,
>>    also watch other distro updates, for things we may have missed
> We could ask to maintainers to help on that regard,
> or, like proposed for mageia-app-db and package testing, have a list of 
> people
> dedicated on gathering such informations. For example, someone say "I take
> care of watching security for libreoffice and will warn secteam if
> something need to be done".

We can maybe also use the "Open Source Vulnerability Database" from
http://osvdb.org/. This database can be downloaded, so maybe we can
integrate it into youri-check.

I think it will requires some work to match software name in OSVD and
our package names. Some people created "distromatch", a tool to match
package names between distributions. Maybe OSVD could be added to

More information about the Mageia-dev mailing list