[Mageia-dev] Meeting for secteam start
nicolas vigier
boklm at mars-attacks.org
Sat Apr 16 22:04:40 CEST 2011
On Sat, 16 Apr 2011, Michael Scherer wrote:
>
>> Old Process:
>>
>> * monitor vendor-sec, discuss vulns, patches, negotiate release schedule,
>> also watch other distro updates, for things we may have missed
>
> We could ask maintainers to help in that regard,
> or, like proposed for mageia-app-db and package testing, have a list of
> people dedicated to gathering such information. For example, someone says
> "I take care of watching security for libreoffice and will warn secteam if
> something needs to be done".
We can maybe also use the "Open Source Vulnerability Database" from
http://osvdb.org/. This database can be downloaded, so maybe we can
integrate it into youri-check.
I think it will require some work to match software names in OSVDB and
our package names. Some people created "distromatch", a tool to match
package names between distributions. Maybe OSVDB could be added to
distromatch.