Re: RFC: creating a security team



<quote who="Vincent Untz">

> In a discussion I had at FOSDEM, it was mentioned that it was not clear
> what should be done when someone finds a security hole in GNOME. We don't
> have a central point of contact for this.
> 
> Would it make sense to create a small security team? I guess it wouldn't
> be a lot of work, since it'd be mainly contacting the relevant
> maintainers. We would probably create a private security gnome org mailing
> list. And also, we could add a small checkbox in bugzilla to mention that
> a bug is security-related, so it should be hidden by default (and the
> security team would be cc'ed).

I brought this issue up a few years ago and learned from it: I tend to think
the current system (approach distros who go to vendorsec) is the better way
to go for GNOME. We could certainly document it better. We already have
private/security permissions in bugzilla (only appears to GNOME hackers).
I'm not sure we can do this better than the people already doing it.

- Jeff

-- 
Open CeBIT 2007: Sydney, Australia              http://www.opencebit.com.au/
 
  "Linux continues to have almost as much soul as James Brown." - Forrest
                                 Cook, LWN


