From Fedora Project Wiki


Revision as of 15:42, 28 March 2016

This is the workflow for helping fix security bugs in Fedora and EPEL.

  1. Select an open security bug from the Open issues list.
  2. Own the bug.
  3. Examine the bug details and validate whether it is really a security issue.
  4. Determine whether a fix is available and whether the vulnerability is already fixed in Fedora by examining the current version and/or talking with the package maintainer.
  5. If a fix is not available, work with the upstream developers via bug tracking/mailing list/IRC channels to obtain a patch or new version that fixes the issue.
  6. Work with the package maintainer to get the patch or fixed version packaged and pushed as a security update.
  7. GOTO 1;

If you run into a nonresponsive package maintainer, we follow Release Engineering policy to overcome the issue.