New generic wiki page security SIG / removal old page of Security Team

A lot of interest has arisen in getting “something” with a more dedicated emphasis on security back to Fedora, and the security-sig in Discourse and the Matrix channel #security:fedoraproject.org have arisen and started to exchange and coordinate. There have been several related discussions in Matrix and some also here (feel free to review).

@q5sys wants to prepare a Docs page that is a little more detailed (what the SIG is and what it can do, whom to contact in what situation, how to handle what security-relevant situation, and so on) and which we aim to maintain within the Matrix channel and the related SIGs.

However, I have prepared a wiki page, which I would like to add to our Fedora wiki more quickly: it does not aim to be detailed or provide the information like a potential Docs page, but a lot of people begin (or end) their search on the wiki, and I want to have something there that makes people aware that a type of security SIG exists, what it is, and where to connect/exchange with it. This also aims to contribute to raising awareness of the case and to make people aware that the long-standing fact “there is no security sig/team” no longer generally applies.

The page aims to be generic and to not need much maintenance or updates.

The page already aims to reflect the discussions that have occurred towards a new security SIG in the recent days/weeks: feel free to read it also to get an overview (but also feel free to correct me :classic_smiley:).

Here is the draft: feel free to discuss, or to propose changes.
<deleted>
Supplement: See SIGs/Security - Fedora Project Wiki

I already posted it in Matrix for the contributor’s consideration.

I would add a page for a “normal” SIG (security sig) and also add the security SIG to the general SIG page that contains a list of and links to all active SIGs.

Slight addition: since I do research in related areas, such an integrated approach without dedicating/separating a team for security is a potential explanation for much security in several fields around Linux (which remains secure in many areas where security is integrated and not separated/dedicated: “it's just a bug/flaw that has to be tackled - urgent or not”) → if security is separated, this also separates information flows (and knowledge transfer and creation) between security people and non-security people when they solve problems and provide solutions. I avoid getting into details but thought it makes sense to mention that this can be seen as a good outcome and not just as a “better than nothing” approach :classic_smiley:


@mattdm @kevin I do not want to delete it without asking (I am not even sure if I have the privileges to do that), but does it make sense to remove the old security category at this time? It is really obsoleted. I do not see a use to keep it. Not sure if you agree? (I mean that one)


Yeah, deletion isn’t normally possible (you have to be in an admin type
group for that), but you can edit!

So, I would suggest just editing the page and updating it. The old stuff
will be in history if anyone needs it. That edit could even be pretty
simple and just say that there is a revival starting up and how to get
involved.


The problem is the page and its category are about the chartered “Security Team”, this is now “just” a Security SIG. It is also a little strange why the existing page is spread among several pages within a category, while the main page just imports paragraphs from the sub-pages.

If that’s fine, I would just create an “easy” new Security SIG page, and then replace the text on the existing “security category main page” with a reference that the old security team no longer exists while the role has been partly taken over by the Security SIG and add a reference, if that makes sense. Then the wiki contains current information about the current condition.

You should be able to make mediawiki redirects even without special power. I suggest making one landing page that explains this, and redirecting all of the existing pages to that (unless there happens to be an actual direct new replacement for that particular page).


That’s a good idea. I will create redirects. That gives me an opportunity to play with it, I never used that before :smiley:


I now set up the page. Feel free to change or improve: SIGs/Security - Fedora Project Wiki → the comment about letting us know early IF a case is reported to RHPS (clearly without information about it; just to allow us to reach out) refers to the XZUtils experience, where the Fedora efforts consolidated in the Devel mailing list were the only thing that allowed, on one hand, us to let users know about the incorrect information of RHPS but also, on the other hand, to allow those Fedora contributors who work at RH to trigger internally correct information to RHPS to adjust their efforts and publications. But that maybe needs to be discussed further, not just if we want that but also how.

If there is no objection, I will replace all pages of the obsoleted Security Team next week with a redirect to the new Security SIG page.

This includes all pages of the Category SIGs/Security - Fedora Project Wiki and obviously the Category page itself.


Supplement: I just redirected the old Security Team pages to the new Security SIG page.