From Fedora Project Wiki

Revision as of 15:43, 28 March 2016 by Sparks (talk | contribs) (Bold header sentence)

This is the work flow for helping fix security bugs in Fedora and EPEL.

  1. Select an open security bug from -> Open issues.
  2. Own the bug.
  3. Examine the bug details and validate if it is really a security issue.
  4. Determine if a fix is available and if the vulnerability is already fixed in Fedora by examining the current version and/or talking with the package maintainer.
  5. If a fix is not available, work with the upstream developers via bug tracking/mailing list/IRC channels to obtain a patch or new version which fixes the issue.
  6. Work with the package maintainer to get patch or fixed version packaged and pushed as a security update.
  7. GOTO 1;

If you run into a nonresponsive package maintainer we follow Release Engineering policy to overcome these issues.