Security/ResponseTeam

The Fedora Security Response Team is currently in the creation stage. The initial purpose of the team is to track public security issues in Fedora.

= Members =

Team members, along with their primary security related interests and competencies:


 * Monitoring/reporting; general packaging related issues; buildsystem related issues; all supported releases
 * JoshBressers (Team Lead)
 * JesseKeating


 * Monitoring/reporting; Java, Perl, Python, shell, SQL, HTML, Javascript, general packaging related issues; current FC+FE release
 * ChrisRicker


 * Working with Fedora Legacy; Monitoring/reporting; RPM packaging; interfacing with Fedora Extras
 * JasonTibbitts
 * DavidEisenstein


 * Security updates, bodhi,  SecurityLiveCD
 * LukeMacken


 * Monitoring, reporting, triaging and tracking.
 * LubomirKundrak


 * Monitoring/reporting, EPEL security tracking.
 * KevinFenzi

Goals

 * Monitor various security information sources for potential security problems (old and new ones)
 * When an issue is discovered: file appropriate bugs, alerting the maintainer of the need to patch their package.
 * Maintain list of fixed and unfixed security issues in a public CVS repository (similar how it is done for core)
 * Create and post announcements for fixed packages to proper mailing lists
 * Encourage and foster public discussion of various security issues and procedures via the fedora-security mailing list.

Contacting
Email is the best way to contact the Fedora Security Response Team. Public requests should be sent via [[MailTo(fedora-security-list AT SPAMFREE redhat DOT com)]. Private requests may be sent to [[MailTo(security AT SPAMFREE fedoraproject DOT org)].

Participation
Individuals with interest in the Security Response Team, or the Fedora security process should subscribe to the fedora security list. The goal of this list is to provide a public venue for the discussion of security issues and policies regarding the various Fedora projects. Various members of the team can also be found in the #fedora-security channel on Freenode.