[illumos-Developer] security issues
Roland Mainz
roland.mainz at nrubsig.org
Wed Dec 8 07:23:36 PST 2010
On Wed, Dec 8, 2010 at 3:45 PM, Jerry Jelinek <jerry.jelinek at joyent.com> wrote:
> Back when Sun was doing OpenSolaris they were
> plugged into the various agencies, such as CERT,
> which issue advance notification when a security
> hole has been found. Sun could then quickly address
> the bug and issue a patch.
> Has anyone given any thought to how this might work
> now? Is it up to each distro to deal with these problems
> or is there some way we could all leverage common
> work through Illumos? Does anyone know how to get
> Illumos plugged into the various places which track these
> security holes before they are widely published?
AFAIK we need two things:
1. The bugtracker needs a boolean/checkbox which says "this bug is a
security issue and must only (initially) to a rstricted group of
(trusted) users". This is http://www.illumos.org/issues/456
("Bugtracker needs restricted group for security-relevant bugs")
2. I filed http://www.illumos.org/issues/462 for your issue (which
AFAIK should depend on bug #456)
Matt: Can you do the dependicies, please ? I have no access to them
with my Redmine account.
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
More information about the Developer
mailing list