[Mageia-dev] Security Update Process

Cazzaniga Sandro cazzaniga.sandro at gmail.com
Thu May 19 06:45:13 CEST 2011 

Le 18/05/2011 22:38, Jérôme (saispo) Soyer a écrit :
> On Mon, May 16, 2011 at 4:45 PM, Stew Benedict <stewbintn at gmail.com> wrote:
>> OK,
>>
>> Mageia 1 is approaching quickly and we need to get our process in place
>> for security updates. We talked a bit about it a few weeks ago, and I
>> started a wiki page, but it needs more detail. Anne and I chatted on IRC
>> and it looks like we'll want to cutoff the "on the iso " updates at the
>> end of this week, so we need a process in place to release post-iso updates.
>>
>> ref: http://mageia.org/wiki/doku.php?id=security
>>
>> As I see it, initially we need, in no particular order:
>>
>> 1) a means to build updates for the release (iurt setup for mga1?)
>> 2) a means to publish updates (mail list, web page)
>> 3) a means to manage/track the updates (bugzilla?)
>> 4) work out/publish the process so we all know how it works
>>
>> And then of course we need people to be aware of vulnerabilities as they
>> are exposed. For now, we'll have be be slightly trailing until we can
>> show a history of releasing updates and hopefully gain access to the
>> closed list to get access to embargoed issues. Once that happens we will
>> possibly need additional infrastructure changes to keep the work
>> non-public before the embargo date.
>>
>> osvdb has a nice email aggregator that sends all the distro update
>> announcements, and the oss-security list has many of the CVE requests.
>> Unfortunately, my personal time hasn't allowed much more than a quick
>> read as they go by :/ I know many of you have been doing security
>> related bug reports and updates, which is great, thank-you. If anyone
>> wants to take a larger role in managing the process I'm more than happy
>> to let that happen. While I have experience, the time I'm able to commit
>> is less than helpful.
>>
>> Comments, volunteers?
>>
>>
>>
>> --
>> Stew Benedict
>> New Tazewell, TN
>>
>>
>>
> 
> Ok for me to integrate the team, reporting CVE, fixing them quickly as
> i can, and enhancing security in the distro :)
Ok for me too, integrate the team and work at reporting and fixing CVE,
and/or enhancing security of mga!

-- 
Sandro Cazzaniga - https://lederniercoupdarchet.wordpress.com
IRC: Kharec (irc.freenode.net)
Software/Hardware geek
Conceptor
Magnum's Coordinator/editor (http://wiki.mandriva.com/fr/Magnum)
Mageia and Mandriva contributor

More information about the Mageia-dev mailing list