[CentOS-devel] Publish Errata for CentOS

Wed Jan 21 17:41:29 UTC 2015
Jim Perrin <jperrin at centos.org>


On 01/21/2015 10:06 AM, Tony Coffman wrote:
> On Wed, Jan 21, 2015 at 6:28 AM, Karanbir Singh <mail-lists at karan.org> wrote:
>>
>> the question isnt 'how' its just a xml file, you can write it by hand if
>> you wish. the question is what do we put inside it and how do we make
>> sure what we put inside it is accurate.
>>
> 
> 
> Why not do a minimal version that simply includes the information from
> the centos-announce mailing list and no external data?  There are a
> few other errata fields that can simply be filled in with "not
> available".  This minimal solution is nearly there using existing open
> source scripts tied together.

If someone from the community would be willing to script something up
for this we can take a look at it. I've been toying with the idea of
adding an rss feed to www.centos.org for the repositories in place of
updateinfo, mostly since Johnny is quite correct, we don't validate cve
closure, so providing that info as if we do seems a bit wrong.

> People are effectively doing a version of this today if they are using
> CEFS without OVAL data or if they are using one of the many
> centos-announce mailing list errata scraping tools without RHN or OVAL
> data.  That means this usage is important to at least some portion of
> the community.
> 
> The result will be a bare bones updateinfo.xml but it would still be
> useful to many.
> 
> Community members who need CVE fix assurances or detailed errata
> should be paying Red Hat for proper support anyway.


Agreed.

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77