Security Team Work Flow: Difference between revisions

Revision as of 15:43, 28 March 2016

This is the work flow for helping fix security bugs in Fedora and EPEL.

Select an open security bug from -> Open issues.
Own the bug.
Examine the bug details and validate if it is really a security issue.
Determine if a fix is available and if the vulnerability is already fixed in Fedora by examining the current version and/or talking with the package maintainer.
If a fix is not available, work with the upstream developers via bug tracking/mailing list/IRC channels to obtain a patch or new version which fixes the issue.
Work with the package maintainer to get patch or fixed version packaged and pushed as a security update.
GOTO 1;

If you run into a nonresponsive package maintainer we follow Release Engineering policy to overcome these issues.

Revision as of 15:42, 28 March 2016 (view source) Sparks (talk \| contribs) No edit summary ← Older edit		Revision as of 15:43, 28 March 2016 (view source) Sparks (talk \| contribs) (Bold header sentence) Newer edit →
Line 1:		Line 1:
	This is the work flow for helping fix security bugs in Fedora and EPEL.		'''This is the work flow for helping fix security bugs in Fedora and EPEL.'''

	# Select an open security bug from -> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=Security%2C%20SecurityTracking%2C%20&query_format=advanced Open issues].		# Select an open security bug from -> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=Security%2C%20SecurityTracking%2C%20&query_format=advanced Open issues].