[OLPC Security] OLPC and Fedora Security response

Michael Stone michael at laptop.org
Tue Feb 26 16:59:20 EST 2008


Lubomir,

First, thanks very much for contacting us.

> I am wondering how the Fedora security response team can be helpful to
> the OLPC project software: We currently monitor various sources for
> security issues that affect software shipped in the Fedora distribution,
> notify the developers about relevant flaws that affect us via bugzilla
> and track progress on fixing.

We can certainly use any help that you can offer. :)

> As Fedora project developers and infrastructure are involved in
> development and packaging of OLPC software, we can add OLPC to the list
> of software we track security issues for.

This would be wonderful - please do so. Public notifications could be
directed to devel at lists.laptop.org or to security at lists.laptop.org
depending on how broadly you want to publish the information within the
OLPC community. Private notifications can be sent to
security-notifications at rt.laptop.org, which will be our
controlled-distribution mail queue for security notifications.

> I'm specifically interested in how security issues are treated currently
> -- how do you deploy updates and when.

To date, all security updates have been provided as a part of our
regularly scheduled releases. However, necessity has forced us to
develop an 'unscheduled software release process' in order to control
the risks incurred by changing our software to support deployments (in
Uruguay, Mongolia, and now, Peru) or to fix crucial late-breaking bugs:

  http://wiki.laptop.org/go/Unscheduled_software_release_process

> Do you fix only issues of some specific severity or all of them? 

As the 'Proposal Criteria' section suggests, we're most interested in
security issues that threaten theft-deterrence or child safety; or that
threaten the educational utility of large numbers of laptops.

> What kind of input from SRT would be interesting to you?

I'm not terribly familiar with what kind of output the SRT usually
produces. Could you direct me to some examples of your work so I can
give you a better answer?

Michael

