<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] Security Update Process
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20Update%20Process&In-Reply-To=%3C4DD4A059.1080407%40gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="004784.html">
<LINK REL="Next" HREF="004767.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] Security Update Process</H1>
<B>Cazzaniga Sandro</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20Update%20Process&In-Reply-To=%3C4DD4A059.1080407%40gmail.com%3E"
TITLE="[Mageia-dev] Security Update Process">cazzaniga.sandro at gmail.com
</A><BR>
<I>Thu May 19 06:45:13 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="004784.html">[Mageia-dev] Freeze push request: tomcat6
</A></li>
<LI>Next message: <A HREF="004767.html">[Mageia-dev] Security Update Process
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#4763">[ date ]</a>
<a href="thread.html#4763">[ thread ]</a>
<a href="subject.html#4763">[ subject ]</a>
<a href="author.html#4763">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On 18/05/2011 22:38, Jérôme (saispo) Soyer wrote:
><i> On Mon, May 16, 2011 at 4:45 PM, Stew Benedict <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">stewbintn at gmail.com</A>> wrote:
</I>>><i> OK,
</I>>><i>
</I>>><i> Mageia 1 is approaching quickly and we need to get our process in place
</I>>><i> for security updates. We talked a bit about it a few weeks ago, and I
</I>>><i> started a wiki page, but it needs more detail. Anne and I chatted on IRC
</I>>><i> and it looks like we'll want to cut off the "on the iso" updates at the
</I>>><i> end of this week, so we need a process in place to release post-iso updates.
</I>>><i>
</I>>><i> ref: <A HREF="http://mageia.org/wiki/doku.php?id=security">http://mageia.org/wiki/doku.php?id=security</A>
</I>>><i>
</I>>><i> As I see it, initially we need, in no particular order:
</I>>><i>
</I>>><i> 1) a means to build updates for the release (iurt setup for mga1?)
</I>>><i> 2) a means to publish updates (mail list, web page)
</I>>><i> 3) a means to manage/track the updates (bugzilla?)
</I>>><i> 4) work out/publish the process so we all know how it works
</I>>><i>
</I>>><i> And then of course we need people to be aware of vulnerabilities as they
</I>>><i> are exposed. For now, we'll have to be slightly trailing until we can
</I>>><i> show a history of releasing updates and hopefully gain access to the
</I>>><i> closed list to get access to embargoed issues. Once that happens we will
</I>>><i> possibly need additional infrastructure changes to keep the work
</I>>><i> non-public before the embargo date.
</I>>><i>
</I>>><i> osvdb has a nice email aggregator that sends all the distro update
</I>>><i> announcements, and the oss-security list has many of the CVE requests.
</I>>><i> Unfortunately, my personal time hasn't allowed much more than a quick
</I>>><i> read as they go by :/ I know many of you have been doing security
</I>>><i> related bug reports and updates, which is great, thank you. If anyone
</I>>><i> wants to take a larger role in managing the process I'm more than happy
</I>>><i> to let that happen. While I have experience, the time I'm able to commit
</I>>><i> is less than helpful.
</I>>><i>
</I>>><i> Comments, volunteers?
</I>>><i>
</I>>><i>
</I>>><i>
</I>>><i> --
</I>>><i> Stew Benedict
</I>>><i> New Tazewell, TN
</I>>><i>
</I>>><i>
</I>>><i>
</I>><i>
</I>><i> Ok for me to integrate the team, reporting CVE, fixing them quickly as
</I>><i> I can, and enhancing security in the distro :)
</I>Ok for me too, integrate the team and work at reporting and fixing CVE,
and/or enhancing security of mga!
--
Sandro Cazzaniga - <A HREF="https://lederniercoupdarchet.wordpress.com">https://lederniercoupdarchet.wordpress.com</A>
IRC: Kharec (irc.freenode.net)
Software/Hardware geek
Conceptor
Magnum's Coordinator/editor (<A HREF="http://wiki.mandriva.com/fr/Magnum">http://wiki.mandriva.com/fr/Magnum</A>)
Mageia and Mandriva contributor
</PRE>
<!--endarticle-->
<HR>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>