Fedora uses identical processes for delivering security and non-security package fixes. Unlike many other distributions that have security updates built only by members of their security teams, Fedora security updates are prepared by package maintainers. Fedora Security Response Team aims to ensure that all known security flaws affecting components included in Fedora are reported to respective maintainers.
Monitoring and reporting of the issues is currently handled by members of Red Hat Product Security.
- Monitor various security information sources for potential security problems (old and new ones)
- When an issue is discovered: file appropriate bugs, alerting the maintainer of the need to patch their package.
- Encourage and foster public discussion of various security issues and procedures via the fedora-security mailing list.
Email is the best way to contact the Fedora Security Response Team. Public requests should be sent via security@SPAMFREE.lists.fedoraproject.org. Private requests may be sent to security@SPAMFREE.fedoraproject.org.
Individuals with interest in the Security Response Team, or the Fedora security process should subscribe to the fedora security list. The goal of this list is to provide a public venue for the discussion of security issues and policies regarding the various Fedora projects. Various members of the team can also be found in the #fedora-security channel on Freenode.