Fedora Assembles A Security Team

  • Fedora Assembles A Security Team

    Phoronix: Fedora Assembles A Security Team

    A Fedora Security Team has been set up to clean up vulnerabilities and other security-related issues present within the popular Linux distribution...

    http://www.phoronix.com/vr.php?view=MTc1MzI

  • #2
    Originally posted by phoronix
    Phoronix: Fedora Assembles A Security Team

    A Fedora Security Team has been set up to clean up vulnerabilities and other security-related issues present within the popular Linux distribution...

    http://www.phoronix.com/vr.php?view=MTc1MzI

    https://fedoraproject.org/wiki/Security_Team

    "6. Close bug when vulnerability is shipped in Fedora repos."

    Hmmm?

    • #3
      Originally posted by michal
      https://fedoraproject.org/wiki/Security_Team

      "6. Close bug when vulnerability is shipped in Fedora repos."

      Hmmm?

      Fixed. Thanks for the note.

      • #4
        Originally posted by phoronix
        Phoronix: Fedora Assembles A Security Team

        A Fedora Security Team has been set up to clean up vulnerabilities and other security-related issues present within the popular Linux distribution...

        http://www.phoronix.com/vr.php?view=MTc1MzI

        Is this security team going to (re)act on reported/known security-related issues (bugs), or will the team be doing things like source code audits (automated and/or manual) in hopes of discovering bugs that haven't been reported or are unknown? I realize this is a massive, potentially endless undertaking but with tools a lot of what's buggy/leaky can be uncovered ... which would eventually make it in Fedora as well as RHEL/CentOS.

        • #5
          Originally posted by MartinN
          Is this security team going to (re)act on reported/known security-related issues (bugs), or will the team be doing things like source code audits (automated and/or manual) in hopes of discovering bugs that haven't been reported or are unknown? I realize this is a massive, potentially endless undertaking but with tools a lot of what's buggy/leaky can be uncovered ... which would eventually make it in Fedora as well as RHEL/CentOS.

          A large amount of it is, I suspect, dealing with incoming reports, but it's not uncommon to analyze and report new security vulnerabilities or suggest distro-level mitigation techniques as part of making the distro overall more secure.

          https://lists.fedoraproject.org/pipe...ly/000025.html

          https://fedoraproject.org/wiki/Security_Features_Matrix

          • #6
            Originally posted by RahulSundaram
            A large amount of it is, I suspect, dealing with incoming reports, but it's not uncommon to analyze and report new security vulnerabilities or suggest distro-level mitigation techniques as part of making the distro overall more secure.

            https://lists.fedoraproject.org/pipe...ly/000025.html

            https://fedoraproject.org/wiki/Security_Features_Matrix

            Does that go for official repos or rpmfusion and usual culprits too? A Fedora user without any package from rpmfusion is probably as rare as a dodo.

            • #7
              Originally posted by justmy2cents
              Does that go for official repos or rpmfusion and usual culprits too? A Fedora user without any package from rpmfusion is probably as rare as a dodo.

              I use Fedora without RPMfusion. So by your logic, dodos are still alive and well.

              • #8
                Originally posted by justmy2cents
                Does that go for official repos or rpmfusion and usual culprits too? A Fedora user without any package from rpmfusion is probably as rare as a dodo.

                Well, there are lots of deployments of Fedora without RPM Fusion. Cloud, minimal images and even workstation-type users often don't use any third-party repositories. Heck, I am typing it from one such system right now. Having said that, the amount of packages in those repositories and security issues associated with them are fairly low and taken care of by the repository maintainers directly. There is nothing preventing anyone from volunteering to do cross-repository work when needed and people often do. Most if not all RPM Fusion maintainers are involved in the official Fedora project repositories as well.

                • #9
                  2.5. Be one with the bug.

                  • #10
                    Originally posted by justmy2cents
                    Does that go for official repos or rpmfusion and usual culprits too? A Fedora user without any package from rpmfusion is probably as rare as a dodo.

                    I have a large number of Fedora servers w/o RPMFusion.

                    In general, I only enable RPMFusion on workstations / laptops.
                    DEV: Intel S2600C0, 2xE5-2658V2, 32GB, 6x2TB, GTX1080, F30/x86_64, Dell UP3216Q 4K.
                    SRV: Intel S5520SC, 2xX5680, 36GB, 6x2TB, GTX550, F30/x86_64, Dell U2711.
                    WIN: Gigabyte B85M-HD3, E3-1245V3, 32GB, 5x1TB, GTX980, Win10Pro.
                    LAP: ASUS Strix GL502V, i7-6700HQ, 32GB, 1TB+256GB, 1070M, F30/x86_64.
