[Mageia-dev] Summary of secteam meeting yesterday

Wed Apr 20 22:50:44 CEST 2011

On 04/20/2011 04:31 PM, Michael Scherer wrote:
+> Hi,
+>
+> yesterday was the meeting regarding secteam creation.
+>
+> The log can be found on :
+> http://meetbot.mageia.org/mageia-dev/2011/mageia-dev.2011-04-19-19.10.html
+>
+> For now, we have no specific requirements of privacy or anything and the
+> main goals are to prepare everything ( I will post on -web and -sysadm
+> for the need on infra and web ), and to make sure we do not ship with
+> know security issues.
+>
+> So what we need for now is people to check our packages and see if there
+> is some issues, and fill bug reports for that. 
+> Stew will take care of coordination, so i will let him speak of that.
+>
+>
+>   
+I've opened a rollup bug to feed into the final release. Please add this
+as a "blocks" to any security related bugs you might open.
+
+https://bugs.mageia.org/show_bug.cgi?id=908
+
+I've also subscribed to oss-security and started the process for us to
+be able to gain admittance to the private list, first by creating an
+entry on their wiki:
+
+http://oss-security.openwall.org/wiki/vendors#mageia
+
+As well as the related freedesktop page:
+
+http://distributions.freedesktop.org/wiki/DistributionLocations
+
+Next steps to gain admittance is to do a release, create a security@
+address, and publish a web page showing we issue/track updates.
+We can then petition for admittance to the private list.
+
+As my time is somewhat limited, I'm more than happy to accept any/all
+help as far as identifying/fixing/tracking issues with our packages.
+
+-- 
+Stew Benedict
+New Tazewell, TN
+
+
+