[Mageia-dev] Security Update Process
ennael at mageia.org
Thu May 19 12:26:35 CEST 2011
2011/5/19 Dexter Morgan <dmorganec at gmail.com>:
> 2011/5/18 Jérôme (saispo) Soyer <saispo at gmail.com>:
>> On Mon, May 16, 2011 at 4:45 PM, Stew Benedict <stewbintn at gmail.com> wrote:
>>> Mageia 1 is approaching quickly and we need to get our process in place
>>> for security updates. We talked a bit about it a few weeks ago, and I
>>> started a wiki page, but it needs more detail. Anne and I chatted on IRC
>>> and it looks like we'll want to cutoff the "on the iso " updates at the
>>> end of this week, so we need a process in place to release post-iso updates.
>>> ref: http://mageia.org/wiki/doku.php?id=security
>>> As I see it, initially we need, in no particular order:
>>> 1) a means to build updates for the release (iurt setup for mga1?)
>>> 2) a means to publish updates (mail list, web page)
>>> 3) a means to manage/track the updates (bugzilla?)
>>> 4) work out/publish the process so we all know how it works
>>> And then of course we need people to be aware of vulnerabilities as they
>>> are exposed. For now, we'll have be be slightly trailing until we can
>>> show a history of releasing updates and hopefully gain access to the
>>> closed list to get access to embargoed issues. Once that happens we will
>>> possibly need additional infrastructure changes to keep the work
>>> non-public before the embargo date.
>>> osvdb has a nice email aggregator that sends all the distro update
>>> announcements, and the oss-security list has many of the CVE requests.
>>> Unfortunately, my personal time hasn't allowed much more than a quick
>>> read as they go by :/ I know many of you have been doing security
>>> related bug reports and updates, which is great, thank-you. If anyone
>>> wants to take a larger role in managing the process I'm more than happy
>>> to let that happen. While I have experience, the time I'm able to commit
>>> is less than helpful.
>>> Comments, volunteers?
>>> Stew Benedict
>>> New Tazewell, TN
>> Ok for me to integrate the team, reporting CVE, fixing them quickly as
>> i can, and enhancing security in the distro :)
> You can count me in.
I guess you should use
http://mageia.org/wiki/doku.php?id=security#members to register
More information about the Mageia-dev