|
|
| (8 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| '''This is the work flow for helping fix security bugs in Fedora and EPEL.'''
| | #REDIRECT [[SIGs/Security]] |
| | |
| # Select an open security bug from -> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=Security%2C%20SecurityTracking%2C%20&query_format=advanced Open issues]. | |
| # [[Security_Team#Bug_Ownership|Own the bug]].
| |
| # Examine the bug details and validate if it is really a security issue.
| |
| # Determine if a fix is available and if the vulnerability is already fixed in Fedora by examining the current version and/or talking with the package maintainer.
| |
| # If a fix is not available, work with the upstream developers via bug tracking/mailing list/IRC channels to obtain a patch or new version which fixes the issue.
| |
| # Work with the package maintainer to get patch or fixed version packaged and pushed as a security update.
| |
| # GOTO 1;
| |
| | |
| If you run into a [[Policy_for_nonresponsive_package_maintainers | nonresponsive package maintainer]] we follow Release Engineering policy to overcome these issues.
| |
| | |
| [[Category:Security Team]]
| |
