Red Hat and Fedora Leftovers
-
Fedora Community Blog: A new way to find a package reviewer
Package reviews are an important part of how Fedora delivers well-built RPMs. When one contributor wants to add a new package, another packager has to check it first. It’s how we all hold each other to the high standard we’ve set for ourselves. Of course, that means to add a new package to the repos, you first have to find someone to do the review. Last week, I added a new way to do that: the Package Review Swaps category on Fedora Discussion. Huge thanks to Felix Kaechele for the idea and initial process design.
-
CPE Quarterly Update Q2 2023
This is a summary of the work done on initiatives by the CPE Team. Each quarter, the CPE Team, together with CentOS and Fedora community representatives, chooses the initiatives that will be worked on in that quarter.
-
Weakness risk-patterns: A Red Hat way to identify poor software practices in the secure development lifecycle
Red Hat strives to get better at what we do, faster at how we do it, while maintaining high quality results. In modern software development, that means focusing on security as early as possible in our software development process, and continuously driving improvements by listening and acting upon early feedback in the Secure Development Lifecycle (SDL). One important tool toward that goal is the Common Weakness Enumeration (CWE), a community-developed taxonomy of flaws.
-
Red Hat’s CWE journey
As the IT security landscape continues to evolve, so do the practices that IT organizations use to mitigate threats and maintain a more secure operating environment. Staying ahead of attackers and minimizing the cost of defense requires constant and appropriate reflection and analysis to improve processes and strategies. In this series, we explain what a CWE is, share our background on CWE collection, and explain how Red Hat has evolved our usage of CWEs over the past few years.