Fedora Moves Ahead With Plans To Drop Packages Having Bad Security Practices

Written by Michael Larabel in Fedora on 27 August 2018 at 03:53 PM EDT. 22 Comments
The Fedora Engineering and Steering Committee (FESCo) has signed off on plans to drop packages with consistently bad security records.

This is aimed at removing packages from the Fedora package archive that have known security issues against them and not addressed in timely manners. Per today's FESCo meeting minutes, the protocol they agreed upon are:
If a CRITICAL or IMPORTANT security issue is currently open against a package, or a security issue of lower severity has been open for at least 6 months, four weeks before the branch point a procedure similar to long-standing FTBFS will be triggered immediately, with 8 weeks of weekly notifications to maintainers and subsequent orphaning and then subsequent removal from distribution.

This will apply to all Fedora packages moving forward.

FESCo also approved today the renaming of Fedora Atomic Workstation to Fedora Silverblue. But if it's not done in time this could be delayed to Fedora 30.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week