Re: RFC: creating a security team

From: Federico Mena Quintero <federico ximian com>
To: Vincent Untz <vuntz gnome org>
Cc: gnome-hackers gnome org
Subject: Re: RFC: creating a security team
Date: Fri, 23 Mar 2007 13:16:53 -0600

El mar, 20-03-2007 a las 20:49 +0100, Vincent Untz escribi�> Would it make sense to create a small security team? I guess it wouldn't
> be a lot of work, since it'd be mainly contacting the relevant
> maintainers. We would probably create a private security gnome org
> mailing list. And also, we could add a small checkbox in bugzilla to
> mention that a bug is security-related, so it should be hidden by
> default (and the security team would be cc'ed).

Getting reports on security bugs -> an alias for the release team is
probably fine; make sure distributor-list gets notified as well.
Someone *may* need to get their act together and patch obsolete GNOME
releases as well :)

Notifying distributors of security fixes -> do we need anything more
than to mail distributor-list when a fix is available?  We can ask
maintainers to mail that list when appropriate.

  Federico

Follow-Ups:
- Re: RFC: creating a security team
  - From: Vincent Untz

References:
- RFC: creating a security team
  - From: Vincent Untz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]