On 18/08/2024 14.22, Neal Gompa wrote:
On Sun, Aug 18, 2024 at 8:16 AM Andrew Bauer
<zonexpertconsult...@outlook.com> wrote:
I've got a question regarding a new crypto library that falls under this policy:
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
Per the documentation, I should contact the Fedora Security Team, but
unfortunately the link provided in the documentation is no good:
https://lists.fedoraproject.org/mailman/listinfo/security
This points to a list that no longer exists. What is a good way to ping this
team? Thank you.
The URL is wrong, it is:
https://lists.fedoraproject.org/admin/lists/security.lists.fedoraproject.org/
That said, the list is inactive and the formal security team disbanded
many years ago.
Well, since the XZUtils issue, we started to setup something new, but its not
the same, and the scope is different (no SIG with dedicated members itself). So
far, we have a #security-sig in discourse as a superordinated tag/SIG for
related SIGs and place to start if someone doesn't know where to start with
security issues. I set this up with mattdm, siosm and some other contributors.
But so far, this is only the #confined-users (sub-)SIG [1] and the yet to be
established #incident-resopnse (sub-)SIG . It's less intended as dedicated SIG
but as point of coordination and exchange, and with the goal that all can see
in Discourse if something is #security-sig (some have subscribed to the tag if
something comes up)
That said, the elaborated case here is not yet something where the
#security-sig can be useful I think. But using the #security-sig to increase
outreach and exchange with other security-relevant SIGs / teams / actors might
be kept in mind.
Just to let you know that there is something that can evolve with demand 🙂
[1] https://fedoraproject.org/wiki/SIGs/ConfinedUsers
Best,
Chris
You may want to check the Matrix room, which does have some activity:
https://matrix.to/#/#security:fedoraproject.org
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
