On 09/16/2014 04:39 PM, Kevin Stange wrote:
On 09/16/2014 05:41 AM, Karanbir Singh wrote:
My question still remains : where is this data going to come from and who is taking ownership of validating the CVE's and bugfix's etc ?
That is unimportant to me.
There's already "data", a link to the RH web site, along with a list of packages that are updated, and a CESA, CEBA or CEEA number, which flags the type of fix as bug, security, or enhancement. That's all I care about having in updateinfo.xml. I don't care, if you can't list every individual CVE and fix in the description.
sounds good, do you want to propose some code that helps make this happen ? there is the update-repo scripts already there, those can be overloaded to make this happen.
sha256sum * > mail centos-announce@centos.org
Somehow you get a link to RH and issue a CEXA number for each update. Where does that come from?
thats a manual process, someone hasto go look and find it :(