Fedora Assembles A Security Team

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fedora Assembles A Security Team

    Phoronix: Fedora Assembles A Security Team

    A Fedora Security Team has been set up to clean up vulnerabilities and other security-related issues present within the popular Linux distribution...


  • #2
    Originally posted by phoronix
    Phoronix: Fedora Assembles A Security Team

    A Fedora Security Team has been set up to clean up vulnerabilities and other security-related issues present within the popular Linux distribution...

    http://www.phoronix.com/vr.php?view=MTc1MzI


    "6. Close bug when vulnerability is shipped in Fedora repos."

    Hmmm?



    • #3
      Originally posted by michal
      https://fedoraproject.org/wiki/Security_Team

      "6. Close bug when vulnerability is shipped in Fedora repos."

      Hmmm?
      Fixed. Thanks for the note.



      • #4
        Originally posted by phoronix
        Phoronix: Fedora Assembles A Security Team

        A Fedora Security Team has been set up to clean up vulnerabilities and other security-related issues present within the popular Linux distribution...

        http://www.phoronix.com/vr.php?view=MTc1MzI

        Is this security team going to (re)act on reported/known security-related issues (bugs), or will the team be doing things like source code audits (automated and/or manual) in hopes of discovering bugs that haven't been reported or are unknown? I realize this is a massive, potentially endless undertaking, but with tools a lot of what's buggy/leaky can be uncovered ... which would eventually make it in Fedora as well as RHEL/CentOS.



        • #5
          Originally posted by MartinN
          Is this security team going to (re)act on reported/known security-related issues (bugs), or will the team be doing things like source code audits (automated and/or manual) in hopes of discovering bugs that haven't been reported or are unknown? I realize this is a massive, potentially endless undertaking, but with tools a lot of what's buggy/leaky can be uncovered ... which would eventually make it in Fedora as well as RHEL/CentOS.
          A large amount of it is, I suspect, dealing with incoming reports, but it's not uncommon to analyze and report new security vulnerabilities or suggest distro-level mitigation techniques as part of making the distro overall more secure.





          • #6
            Originally posted by RahulSundaram
            A large amount of it is, I suspect, dealing with incoming reports, but it's not uncommon to analyze and report new security vulnerabilities or suggest distro-level mitigation techniques as part of making the distro overall more secure.



            https://fedoraproject.org/wiki/Security_Features_Matrix
            Does that go for official repos or rpmfusion and usual culprits too? A Fedora user without any package from rpmfusion is probably as rare as a dodo.



            • #7
              Originally posted by justmy2cents
              Does that go for official repos or rpmfusion and usual culprits too? A Fedora user without any package from rpmfusion is probably as rare as a dodo.
              I use Fedora without RPMfusion. So by your logic, dodos are still alive and well.



              • #8
                Originally posted by justmy2cents
                Does that go for official repos or rpmfusion and usual culprits too? A Fedora user without any package from rpmfusion is probably as rare as a dodo.
                Well, there are lots of deployments of Fedora without RPM Fusion. Cloud, minimal images and even workstation-type users often don't use any third-party repositories. Heck, I am typing it from one such system right now. Having said that, the amount of packages in those repositories and security issues associated with them are fairly low and taken care of by the repository maintainers directly. There is nothing preventing anyone from volunteering to do cross-repository work when needed, and people often do. Most if not all RPM Fusion maintainers are involved in the official Fedora project repositories as well.



                • #9
                  2.5. Be one with the bug.



                  • #10
                    Originally posted by justmy2cents
                    Does that go for official repos or rpmfusion and usual culprits too? A Fedora user without any package from rpmfusion is probably as rare as a dodo.
                    I have a large number of Fedora servers w/o RPMFusion.

                    In general, I only enable RPMFusion on workstations / laptops.
                    oVirt-HV1: Intel S2600C0, 2xE5-2658V2, 128GB, 8x2TB, 4x480GB SSD, GTX1080 (to-VM), Dell U3219Q, U2415, U2412M.
                    oVirt-HV2: Intel S2400GP2, 2xE5-2448L, 120GB, 8x2TB, 4x480GB SSD, GTX730 (to-VM).
                    oVirt-HV3: Gigabyte B85M-HD3, E3-1245V3, 32GB, 4x1TB, 2x480GB SSD, GTX980 (to-VM).
                    Devel-2: Asus H110M-K, i5-6500, 16GB, 3x1TB + 128GB-SSD, F33.
