>
> > > It has already gone through the normal approval process, but the
> question was raised whether this needs an additional approval from the
> Fedora Security Team, since this is a crypto library.
> >
> > I raised this question due to this section in the packaging gui
s a
> > need to add WolfSSL package to Fedora repos.
> >
> > It has already gone through the normal approval process, but the question
> > was raised whether this needs an additional approval from the Fedora
> > Security Team, since this is a crypto library.
>
> I r
tion was
raised whether this needs an additional approval from the Fedora Security Team,
since this is a crypto library.
I raised this question due to this section in the packaging guidelines:
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_new_crypto_libraries
Ne
he question was
> raised whether this needs an additional approval from the Fedora Security
> Team, since this is a crypto library.
I raised this question due to this section in the packaging guidelines:
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_new_crypto_
02646
The Netatalk project is moving from OpenSSL -> WolfSSL. Hence there is a need
to add WolfSSL package to Fedora repos.
It has already gone through the normal approval process, but the question was
raised whether this needs an additional approval from the Fedora Security Team,
since t
t the Fedora Security Team, but
unfortunately the link provided in the documentation is no good:
https://lists.fedoraproject.org/mailman/listinfo/security
This points to a list that no longer exists. What is a good way to ping this
team? Thank you.
The URL is wrong, it is:
olicy:
> https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
>
> Per the documentation, I should contact the Fedora Security Team, but
> unfortunately the link provided in the documentation is no good:
> https://lists.fedoraproject.org/mailman/listinfo/security
>
> This poi
On Sun, Aug 18, 2024 at 8:16 AM Andrew Bauer
wrote:
>
> I've got a question regarding a new crypto library that falls under this
> policy:
> https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
>
> Per the documentation, I should contact the Fe
I've got a question regarding a new crypto library that falls under this policy:
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
Per the documentation, I should contact the Fedora Security Team, but
unfortunately the link provided in the documentation is no good:
Stephen Gallagher wrote:
> Generally, whenever Node.js issues a security release, they do so for
> multiple issues simultaneously. When Product Security then goes and creates
> Bugzilla tickets, they create many (sometimes up to five bugs per CVE). It
> becomes nearly impossible to keep up with the
her"
> To: "Development discussions related to Fedora"
>
> Sent: Wednesday, November 4, 2020 8:31:32 PM
> Subject: Re: Fedora Security Team
>
>
>
> On Tue, Nov 3, 2020 at 11:39 AM Marek Marczykowski-Górecki <
> marma...@invisiblethingslab.com > wro
SecurityTracking whiteboard if you can't find otherwise.
Let me know if you need help in tracking your Fedora security bugs :)
- Original Message -
From: "Stephen Gallagher"
To: "Development discussions related to Fedora"
Sent: Wednesday, November 4, 2020 8:31:32 PM
Subject:
On Tue, Nov 3, 2020 at 11:39 AM Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:
> On Tue, Nov 03, 2020 at 10:02:24AM +, P J P wrote:
> > * Right, Fedora package CVEs and relevant bugs are filed by Red Hat
> Product security team.
> >
> > * CVEs/bugs are fixed in the upstre
On Tuesday, 03 November 2020 at 17:36, Marek Marczykowski-Górecki wrote:
[...]
> But by looking at few random items there, it seems the fix is
> available in a subsequent upstream release and what is missing is just
> bumping the package version in Fedora.
"Just bumping" may not always be trivial,
On Tue, Nov 03, 2020 at 05:47:28PM +0100, Dominique Martinet wrote:
> Marek Marczykowski-Górecki wrote on Tue, Nov 03, 2020:
> > Do you know if some parts of the above already exist? I know Debian has
> > automatic checks for latest upstream versions, but I haven't seen it in
> > Fedora.
>
> Fedor
Marek Marczykowski-Górecki wrote on Tue, Nov 03, 2020:
> Do you know if some parts of the above already exist? I know Debian has
> automatic checks for latest upstream versions, but I haven't seen it in
> Fedora.
Fedora has "Upstream Release Monitoring"
https://fedoraproject.org/wiki/Upstream_rel
On Tue, Nov 03, 2020 at 10:02:24AM +, P J P wrote:
> * Right, Fedora package CVEs and relevant bugs are filed by Red Hat Product
> security team.
>
> * CVEs/bugs are fixed in the upstream sources first. Fedora package
> maintainers do rebuild
> of the package with released fixes.
I see cu
e CVEs and relevant bugs are filed by Red Hat Product
security team.
* CVEs/bugs are fixed in the upstream sources first. Fedora package maintainers
do rebuild
of the package with released fixes.
* Often, Fedora package maintainer is also an upstream developer/maintainer.
It helps to fix issues
On Tue, Nov 3, 2020 at 12:53 am, Marek Marczykowski-Górecki
wrote:
How are security issues handled in Fedora in practice? Is there an
active security team to help patch those in a timely manner? Or is it
the responsibility of individual package maintainers only?
Hi,
Red Hat Product Security is r
Hello all,
How are security issues handled in Fedora in practice? Is there an
active security team to help patch those in a timely manner? Or is it
the responsibility of individual package maintainers only? I've tried to
find some information on that, but the only thing I've found is this
page:
nnel[2] where we hang out.
[0] https://fedoraproject.org/wiki/Security_Team
[1] https://lists.fedoraproject.org/mailman/listinfo/security-team
[2] #fedora-security-team on irc.freenode.net
- -- Eric
- --
Eric "Sparks" Christensen
Fedora Proj