Security/ResponseTeam
From FedoraProject
The Fedora Security Response Team is currently in the creation stage. The initial purpose of the team is to track public security issues in Fedora.
Contents |
Members
Team members, along with their primary security related interests and competencies:
- Monitoring/reporting; general packaging related issues; buildsystem related issues; all supported releases
- JoshBressers (Team Lead)
- JesseKeating
- Monitoring/reporting; Java, Perl, Python, shell, SQL, HTML, Javascript, general packaging related issues; current FC+FE release
- Working with Fedora Legacy; Monitoring/reporting; RPM packaging; interfacing with Fedora Extras
- Security updates, bodhi , SecurityLiveCD
- Monitoring, reporting, triaging and tracking.
- Monitoring/reporting, EPEL security tracking.
Goals
- Monitor various security information sources for potential security problems (old and new ones)
- When an issue is discovered: file appropriate bugs, alerting the maintainer of the need to patch their package.
- Maintain list of fixed and unfixed security issues in a public CVS repository (similar how it is done for core)
- Create and post announcements for fixed packages to proper mailing lists
- Encourage and foster public discussion of various security issues and procedures via the fedora-security mailing list.
Contacting
Email is the best way to contact the Fedora Security Response Team. Public requests should be sent via [[MailTo(fedora-security-list AT SPAMFREE redhat DOT com)]. Private requests may be sent to [[MailTo(security AT SPAMFREE fedoraproject DOT org)] .
Participation
Individuals with interest in the Security Response Team, or the Fedora security process should subscribe to the fedora security list . The goal of this list is to provide a public venue for the discussion of security issues and policies regarding the various Fedora projects. Various members of the team can also be found in the #fedora-security channel on Freenode.
