Hello Fedora Council
We recently launched FedoraCVE.org, a community driven, non profit initiative built by two experienced security engineers from Red Hat Product Security (darunesh@redhat.com and saroy@redhat.com). Our goal is to improve visibility into Fedora related CVEs and provide clearer insight into the security status of packages across the Fedora ecosystem. After announcing the project, we learned that using the "Fedora" name and trademarks requires Council approval, and we sincerely apologize for this oversight.
We created this platform because Fedora users today lack authoritative, timely clarity on vulnerability status - whether a CVE is acknowledged, unfixed, silently fixed, or under investigation. This information gap introduces real security risk and undermines trust for both users and maintainers. A structured reporting approach, such as official VEX-style communication, would offer transparency, predictability, and a stronger overall security posture for Fedora.
For this initiative, we have acquired the domains fedoracve.org and the codebase is hosted at: https://github.com/FedoraCVE/fedora-cve-dashboard. We respectfully request formal review and approval of the project's name and trademark usage.
<img alt="Screenshot_2025-11-26_at_15-20-40_Fedora_CVE_Dashboard_-_Security_Monitoring.png" src="/Fedora-Council/tickets/issue/raw/files/e3704ca347f2ba0b8644b5f8d29f3e89d929489b926113b6606ac281e9161570-Screenshot_2025-11-26_at_15-20-40_Fedora_CVE_Dashboard_-_Security_Monitoring.png" /> <img alt="Screenshot_2025-11-26_at_15-20-25_Advanced_Package_Analytics_-_Fedora_CVE_Dashboard.png" src="/Fedora-Council/tickets/issue/raw/files/d476040b2fd81a5302b1c429c54bf323f5acd5dd1c86455e64dc066d1e6342d1-Screenshot_2025-11-26_at_15-20-25_Advanced_Package_Analytics_-_Fedora_CVE_Dashboard.png" />
Metadata Update from @jflory7: - Issue tagged with: Next Meeting, trademarks
Discussed in 2025-12-03 Fedora Council meeting.
The Council discussed the request to use the Fedora logo on fedoracve.org. While supportive of the initiative, the Council voted (+8) to grant conditional approval only. This approval is not final and is strictly contingent upon a review and decision by Red Hat Legal regarding trademark usage.
The specific agreed-upon statement from the meeting is as follows:
The Fedora Council conditionally approves the use of the Fedora logo on the fedoracve.org website, pending final approval from Red Hat Legal trademark experts. The Fedora Council RECOMMENDS the use of a clear disclaimer on the site that the site is not officially managed or run by the Fedora community (to avoid our Fedora Infra team getting support requests when there are issues), AND does not represent the state or management of CVEs in Fedora Linux. The Fedora Council RECOMMENDS transferring ownership of the domain to Red Hat IT so it can be maintained and renewed in perpetuity by those responsible for the Fedora trademark.
The Fedora Council conditionally approves the use of the Fedora logo on the fedoracve.org website, pending final approval from Red Hat Legal trademark experts.
The Fedora Council RECOMMENDS the use of a clear disclaimer on the site that the site is not officially managed or run by the Fedora community (to avoid our Fedora Infra team getting support requests when there are issues), AND does not represent the state or management of CVEs in Fedora Linux.
The Fedora Council RECOMMENDS transferring ownership of the domain to Red Hat IT so it can be maintained and renewed in perpetuity by those responsible for the Fedora trademark.
@jspaleta has been actioned to initiate the required review with Red Hat Legal.
Metadata Update from @jflory7: - Issue untagged with: Next Meeting - Issue assigned to jspaleta
Log in to comment on this ticket.