A lot of interest has arisen in getting “something” with a more dedicated emphasis on security back to Fedora, and the security-sig in Discourse and the Matrix channel #security:fedoraproject.org have arisen and started to exchange and coordinate. There have been several related discussions in Matrix and some also here (feel free to review).
@q5sys wants to prepare a Docs page that is a little more detailed (what the SIG is and what it can do, whom to contact in what situation, how to handle what security-relevant situation, and so on) and which we aim to maintain within the Matrix channel and the related SIGs.
However, I have prepared a wiki page, which I would like to add to our Fedora wiki more quickly: it does not aim to be detailed or provide the information like a potential Docs page, but a lot of people begin (or end) their search on the wiki, and I want to have something there that makes people aware that a type of security SIG exists, what it is, and where to connect/exchange with it. This also aims to contribute to raising awareness of the case and to make people aware that the long-standing fact “there is no security sig/team” no longer generally applies.
The page aims to be generic and to not need much maintenance or updates.
The page already aims to reflect the discussions that have occurred towards a new security SIG in the recent days/weeks: feel free to read it also to get an overview (but also feel free to correct me).
Here is the draft: feel free to discuss, or to propose changes.
<deleted>
Supplement: See SIGs/Security - Fedora Project Wiki
I already posted it in Matrix for the contributor’s consideration.
I would add a page for a “normal” SIG (security sig) and also add the security SIG to the general SIG page that contains a list of and links to all active SIGs.
Slight addition: since I do research in related areas, such an integrated approach without dedicating/separating a team for security is a potential explanation for much security in several fields around Linux (which remains secure in many areas where security is integrated and not separated/dedicated: “it's just a bug/flaw that has to be tackled - urgent or not”) → if security is separated, this also separates information flows (and knowledge transfer and creation) between security people and non-security people when they solve problems and provide solutions. I avoid getting into details but thought it makes sense to mention that this can be seen as a good outcome and not just as a “better than nothing” approach.
@mattdm @kevin I do not want to delete it without asking (I am not even sure if I have the privileges to do that), but does it make sense to remove the old security category at this time? It is really obsolete. I do not see a use in keeping it. Not sure if you agree? (I mean that one)