Re: Fedora Security Team

2020-11-04 Thread Björn Persson
Stephen Gallagher wrote: > Generally, whenever Node.js issues a security release, they do so for > multiple issues simultaneously. When Product Security then goes and creates > Bugzilla tickets, they create many (sometimes up to five bugs per CVE). It > becomes nearly impossible to keep up with the

Re: Fedora Security Team

2020-11-04 Thread Justin Forbes
her" > To: "Development discussions related to Fedora" > > Sent: Wednesday, November 4, 2020 8:31:32 PM > Subject: Re: Fedora Security Team > > > > On Tue, Nov 3, 2020 at 11:39 AM Marek Marczykowski-Górecki < > marma...@invisiblethingslab.com > wro

Re: Fedora Security Team

2020-11-04 Thread Huzaifa Sidhpurwala
SecurityTracking whiteboard if you can't find otherwise. Let me know if you need help in tracking your Fedora security bugs :) - Original Message - From: "Stephen Gallagher" To: "Development discussions related to Fedora" Sent: Wednesday, November 4, 2020 8:31:32 PM Subject:

Re: Fedora Security Team

2020-11-04 Thread Stephen Gallagher
On Tue, Nov 3, 2020 at 11:39 AM Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > On Tue, Nov 03, 2020 at 10:02:24AM +, P J P wrote: > > * Right, Fedora package CVEs and relevant bugs are filed by Red Hat > Product security team. > > > > * CVEs/bugs are fixed in the upstre

Re: Fedora Security Team

2020-11-04 Thread Dominik 'Rathann' Mierzejewski
On Tuesday, 03 November 2020 at 17:36, Marek Marczykowski-Górecki wrote: [...] > But by looking at few random items there, it seems the fix is > available in a subsequent upstream release and what is missing is just > bumping the package version in Fedora. "Just bumping" may not always be trivial,

Re: Fedora Security Team

2020-11-04 Thread Petr Pisar
On Tue, Nov 03, 2020 at 05:47:28PM +0100, Dominique Martinet wrote: > Marek Marczykowski-Górecki wrote on Tue, Nov 03, 2020: > > Do you know if some parts of the above already exist? I know Debian has > > automatic checks for latest upstream versions, but I haven't seen it in > > Fedora. > > Fedor

Re: Fedora Security Team

2020-11-03 Thread Dominique Martinet
Marek Marczykowski-Górecki wrote on Tue, Nov 03, 2020: > Do you know if some parts of the above already exist? I know Debian has > automatic checks for latest upstream versions, but I haven't seen it in > Fedora. Fedora has "Upstream Release Monitoring" https://fedoraproject.org/wiki/Upstream_rel

Re: Fedora Security Team

2020-11-03 Thread Marek Marczykowski-Górecki
On Tue, Nov 03, 2020 at 10:02:24AM +, P J P wrote: > * Right, Fedora package CVEs and relevant bugs are filed by Red Hat Product > security team. > > * CVEs/bugs are fixed in the upstream sources first. Fedora package > maintainers do rebuild >   of the package with released fixes. I see cu

Re: Fedora Security Team

2020-11-03 Thread P J P
Hello Marek, On Tuesday, 3 November, 2020, 5:38:39 am IST, Michael Catanzaro wrote:  >On Tue, Nov 3, 2020 at 12:53 am, Marek Marczykowski-Górecki > wrote: >> How are in practice security issues handled in Fedora? Is there an >> active security team to help patching those in timely manner? Or is

Re: Fedora Security Team

2020-11-02 Thread Michael Catanzaro
On Tue, Nov 3, 2020 at 12:53 am, Marek Marczykowski-Górecki wrote: How are in practice security issues handled in Fedora? Is there an active security team to help patching those in timely manner? Or is it responsibility of individual package maintainers only? Hi, Red Hat Product Security is r