From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/20110519/004763.html | 131 ++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 zarb-ml/mageia-dev/20110519/004763.html (limited to 'zarb-ml/mageia-dev/20110519/004763.html') diff --git a/zarb-ml/mageia-dev/20110519/004763.html b/zarb-ml/mageia-dev/20110519/004763.html new file mode 100644 index 000000000..b7515ff56 --- /dev/null +++ b/zarb-ml/mageia-dev/20110519/004763.html @@ -0,0 +1,131 @@ + + + + [Mageia-dev] Security Update Process + + + + + + + + + +

[Mageia-dev] Security Update Process

+ Cazzaniga Sandro + cazzaniga.sandro at gmail.com +
+ Thu May 19 06:45:13 CEST 2011 +

+
+ +
Le 18/05/2011 22:38, Jérôme (saispo) Soyer a écrit :
+> On Mon, May 16, 2011 at 4:45 PM, Stew Benedict <stewbintn at gmail.com> wrote:
+>> OK,
+>>
+>> Mageia 1 is approaching quickly and we need to get our process in place
+>> for security updates. We talked a bit about it a few weeks ago, and I
+>> started a wiki page, but it needs more detail. Anne and I chatted on IRC
+>> and it looks like we'll want to cutoff the "on the iso " updates at the
+>> end of this week, so we need a process in place to release post-iso updates.
+>>
+>> ref: http://mageia.org/wiki/doku.php?id=security
+>>
+>> As I see it, initially we need, in no particular order:
+>>
+>> 1) a means to build updates for the release (iurt setup for mga1?)
+>> 2) a means to publish updates (mail list, web page)
+>> 3) a means to manage/track the updates (bugzilla?)
+>> 4) work out/publish the process so we all know how it works
+>>
+>> And then of course we need people to be aware of vulnerabilities as they
+>> are exposed. For now, we'll have be be slightly trailing until we can
+>> show a history of releasing updates and hopefully gain access to the
+>> closed list to get access to embargoed issues. Once that happens we will
+>> possibly need additional infrastructure changes to keep the work
+>> non-public before the embargo date.
+>>
+>> osvdb has a nice email aggregator that sends all the distro update
+>> announcements, and the oss-security list has many of the CVE requests.
+>> Unfortunately, my personal time hasn't allowed much more than a quick
+>> read as they go by :/ I know many of you have been doing security
+>> related bug reports and updates, which is great, thank-you. If anyone
+>> wants to take a larger role in managing the process I'm more than happy
+>> to let that happen. While I have experience, the time I'm able to commit
+>> is less than helpful.
+>>
+>> Comments, volunteers?
+>>
+>>
+>>
+>> --
+>> Stew Benedict
+>> New Tazewell, TN
+>>
+>>
+>>
+> 
+> Ok for me to integrate the team, reporting CVE, fixing them quickly as
+> i can, and enhancing security in the distro :)
+Ok for me too, integrate the team and work at reporting and fixing CVE,
+and/or enhancing security of mga!
+
+-- 
+Sandro Cazzaniga - https://lederniercoupdarchet.wordpress.com
+IRC: Kharec (irc.freenode.net)
+Software/Hardware geek
+Conceptor
+Magnum's Coordinator/editor (http://wiki.mandriva.com/fr/Magnum)
+Mageia and Mandriva contributor
+
+ + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1