Hello,
Currently The CentOS project publishes errata on its CentOS Announce mailing list. In order to import this into a package management system (like Katello on The Foreman), one needs to parse the mailing list and convert it into XML before importing it. This is done to some extent on http://cefs.steve-meier.de/ but some more legwork needs to be done before The Foreman can understand the errata like it does natively for RHN.
I have heard rumour that The CentOS project is planning to publish Errata in the same way that Red Hat does, but I haven't been able to find anything on the Internet about this. Does anybody know if The CentOS Project has indeed declared such intention, and when they plan to do this?
Side Note: Interestingly enough, I've noticed that EPEL has started to add errata data to their repositories.
Thanks, David
David,
The CentOS team has taken the stance that they do not understand what is required for this, so, they will not be including it under any circumstances.
I am unable to locate the thread in the archive: http://lists.centos.org/pipermail/centos-devel/2014-September/thread.html
However, luckily, Gmane archives everything just fine. http://thread.gmane.org/gmane.linux.centos.devel/12370/focus=12375
In the third reply from KB, he states: "ok, so the updateinfo content - we can carry that, where would the data come from ?"
So it may be possible he doesn't understand where the Errata is located currently (in the mailing list), so I think someone just needs to step up and do the work for CentOS in incorporating the Errata, but, Johnny handles that and the work he does isn't documented to the public. So, we're a little in the dark on where/how he sets up the announce list anyways. But, that's how it's always been with the CentOS project, the gears are kept private the product is made public.
Realistically, it would probably be easier to fork the repositories under a different name, create your own mirrorlist and point back at the mirrors for your RPM sources. Steven Crothers steven.crothers@gmail.com
On Wed, Dec 24, 2014 at 12:48 AM, Somers-Harris, David | David | OPS david.somers-harris@mail.rakuten.com wrote:
Hello,
Currently The CentOS project publishes errata on its CentOS Announce mailing list. In order to import this into a package management system (like Katello on The Foreman), one needs to parse the mailing list and convert it into XML before importing it. This is done to some extent on http://cefs.steve-meier.de/ but some more legwork needs to be done before The Foreman can understand the errata like it does natively for RHN.
I have heard rumour that The CentOS project is planning to publish Errata in the same way that Red Hat does, but I haven't been able to find anything on the Internet about this. Does anybody know if The CentOS Project has indeed declared such intention, and when they plan to do this?
Side Note: Interestingly enough, I've noticed that EPEL has started to add errata data to their repositories.
Thanks, David _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 03/01/15 07:12, Steven Crothers wrote:
David,
The CentOS team has taken the stance that they do not understand what is required for this, so, they will not be including it under any circumstances.
umm, no.
I am unable to locate the thread in the archive: http://lists.centos.org/pipermail/centos-devel/2014-September/thread.html
However, luckily, Gmane archives everything just fine. http://thread.gmane.org/gmane.linux.centos.devel/12370/focus=12375
In the third reply from KB, he states: "ok, so the updateinfo content - we can carry that, where would the data come from ?"
So it may be possible he doesn't understand where the Errata is located currently (in the mailing list),
again, incorrect - spend a bit of time and actually try to workout what the context and data needs to be and what is being requesed.
so I think someone just needs to step up and do the work for CentOS in incorporating the Errata, but, Johnny handles that and the work he does isn't documented to the public.
third part, again incorrect.
So, we're a little in the dark on where/how he sets up the announce list anyways. But, that's how it's always been with the CentOS project, the gears are kept private the product is made public.
Realistically, it would probably be easier to fork the repositories under a different name, create your own mirrorlist and point back at the mirrors for your RPM sources.
you are still going to need the updateinfo data...
Steven Crothers steven.crothers@gmail.com
On Wed, Dec 24, 2014 at 12:48 AM, Somers-Harris, David | David | OPS david.somers-harris@mail.rakuten.com wrote:
Hello,
Currently The CentOS project publishes errata on its CentOS Announce mailing list. In order to import this into a package management system (like Katello on The Foreman), one needs to parse the mailing list and convert it into XML before importing it. This is done to some extent on http://cefs.steve-meier.de/ but some more legwork needs to be done before The Foreman can understand the errata like it does natively for RHN.
I have heard rumour that The CentOS project is planning to publish Errata in the same way that Red Hat does, but I haven't been able to find anything on the Internet about this. Does anybody know if The CentOS Project has indeed declared such intention, and when they plan to do this?
Side Note: Interestingly enough, I've noticed that EPEL has started to add errata data to their repositories.
Thanks, David _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
However, luckily, Gmane archives everything just fine. http://thread.gmane.org/gmane.linux.centos.devel/12370/focus=12375
Thanks Steven for bringing this thread to my attention. So it looks like there was already a discussion about this in September, and it ended with two action items.
1. Write code to automatically put the following into updateinfo.xml a. Link to RH web site b. List of packages that are updated c. CESA, CEBA or CEEA number which flags the type of fix as bug, security or enhancement.
2. Figure out how and where to store previous errata content.
The final comment on the thread "Erata in the Repo" was Kevin Strange saying he would look into #1, and also him asking everybody what the best way to do #2 is.
Does anybody know if Kevin has had any luck with #1? Would it be better if I revived that thread or is it fine to discuss here?
On 01/04/2015 06:00 PM, Somers-Harris, David | David | OPS wrote:
However, luckily, Gmane archives everything just fine. http://thread.gmane.org/gmane.linux.centos.devel/12370/focus=12375
Thanks Steven for bringing this thread to my attention. So it looks like there was already a discussion about this in September, and it ended with two action items.
- Write code to automatically put the following into updateinfo.xml
a. Link to RH web site b. List of packages that are updated c. CESA, CEBA or CEEA number which flags the type of fix as bug, security or enhancement.
- Figure out how and where to store previous errata content.
The final comment on the thread "Erata in the Repo" was Kevin Strange saying he would look into #1, and also him asking everybody what the best way to do #2 is.
Does anybody know if Kevin has had any luck with #1? Would it be better if I revived that thread or is it fine to discuss here?
Please note a couple of things ...
1. Blatant screen scraping is a violation of the terms of service for RHN .. so where is a SOURCE of information for something like this:
https://rhn.redhat.com/errata/RHSA-2014-2024.html
If you read this:
https://access.redhat.com/help/terms/
then, one can not just grab all the info on that errata page and distribute it .. which is why we LINK to it and not distribute it currently.
So, the first issue is that one must find a source for the information that would go into the 'updateinfo.xml' file that is always maintained and is available to read and to redistribute.
2. If someone comes up with a place to get said data, THEN we could properly publish that data in some way.
Thanks, Johnny Hughes
On Mon, Jan 05, 2015 at 10:37:46AM -0600, Johnny Hughes wrote:
- If someone comes up with a place to get said data, THEN we could
properly publish that data in some way.
It would be a hack, but you could probably subscribe an automated account to the enterprise-watch-list mailing list:
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
or parse the archives here: https://www.redhat.com/archives/enterprise-watch-list/
On 2015-01-05, Jonathan Billings billings@negate.org wrote:
On Mon, Jan 05, 2015 at 10:37:46AM -0600, Johnny Hughes wrote:
- If someone comes up with a place to get said data, THEN we could
properly publish that data in some way.
It would be a hack, but you could probably subscribe an automated account to the enterprise-watch-list mailing list:
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
or parse the archives here: https://www.redhat.com/archives/enterprise-watch-list/
You could subscribe an address, but based on the link to RH's terms that Johnny posted it may still violate the TOU to redistribute the contents of the messages the bot received.
--keith
On 2015-01-06, Keith Keller wrote:
On Mon, Jan 05, 2015 at 10:37:46AM -0600, Johnny Hughes wrote:
- If someone comes up with a place to get said data, THEN we could
properly publish that data in some way.
It would be a hack, but you could probably subscribe an automated account to the enterprise-watch-list mailing list:
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
or parse the archives here: https://www.redhat.com/archives/enterprise-watch-list/
You could subscribe an address, but based on the link to RH's terms that Johnny posted it may still violate the >TOU to redistribute the contents of the messages the bot received.
I heard that this is actually how the RHEL errata have been put together, and that it would not be a violation of the ToU to use the info in the emails.
Can somebody confirm this?
Sounds to me like this would be the way to go.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 13.01.2015 04:25, Somers-Harris, David | David | OPS wrote:
On 2015-01-06, Keith Keller wrote:
On Mon, Jan 05, 2015 at 10:37:46AM -0600, Johnny Hughes wrote:
- If someone comes up with a place to get said data, THEN
we could properly publish that data in some way.
It would be a hack, but you could probably subscribe an automated account to the enterprise-watch-list mailing list:
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
or parse the archives here: https://www.redhat.com/archives/enterprise-watch-list/
You could subscribe an address, but based on the link to RH's terms that Johnny posted it may still violate the >TOU to redistribute the contents of the messages the bot received.
I heard that this is actually how the RHEL errata have been put together, and that it would not be a violation of the ToU to use the info in the emails.
Can somebody confirm this?
Sounds to me like this would be the way to go.
Well IANAL, but:
imho red hats "terms of service" on their website are not valid , at least in germany (where I happen to live). In germany you can not bind someone to some silly "terms of service" by just displaying them on some random website.
you need to agree to those tos actively somehow (e.g. signing a contract).
but of course this is IANAL, so you should probably contact some lawyer about this.
But if I'm right it could at least be possible to create this data in europe.
kind regards
Sven
PS: I guess this discussion should move to the devel list?
I'll move this to the devel list.
I've created the following thread. http://lists.centos.org/pipermail/centos-devel/2015-January/012600.html
Thanks for the discussions so far. I look forward to making more progress on centos-devel.
- Blatant screen scraping is a violation of the terms of service for RHN ..
so where is a SOURCE of information for something like this:
https://rhn.redhat.com/errata/RHSA-2014-2024.html
If you read this: https://access.redhat.com/help/terms/
then, one can not just grab all the info on that errata page and distribute it .. which is why we LINK to it and not distribute it currently.
So, the first issue is that one must find a source for the information that would go into the 'updateinfo.xml' file that is always maintained and is available to read and to redistribute.
- If someone comes up with a place to get said data, THEN we could properly publish
that data in some way.
Thanks, Johnny Hughes
Can't we just ask Red Hat if it's OK for CentOS to use the data for its updateinfo.xml? Is there some official communication channel between the CentOS Project and Red Hat?
On 2015-01-06, Somers-Harris, David | David | OPS david.somers-harris@mail.rakuten.com wrote:
- Blatant screen scraping is a violation of the terms of service
for RHN .. so where is a SOURCE of information for something like this:
https://rhn.redhat.com/errata/RHSA-2014-2024.html
If you read this: https://access.redhat.com/help/terms/
then, one can not just grab all the info on that errata page and distribute it .. which is why we LINK to it and not distribute it currently.
So, the first issue is that one must find a source for the information that would go into the 'updateinfo.xml' file that is always maintained and is available to read and to redistribute.
- If someone comes up with a place to get said data, THEN we could
properly publish that data in some way.
Thanks, Johnny Hughes
Can't we just ask Red Hat if it's OK for CentOS to use the data for its updateinfo.xml? Is there some official communication channel between the CentOS Project and Red Hat?
Maybe you missed the big announcement:
http://lists.centos.org/pipermail/centos-announce/2014-January/020100.html
On 01/06/2015 04:25 AM, Liam O'Toole wrote:
On 2015-01-06, Somers-Harris, David | David | OPS david.somers-harris@mail.rakuten.com wrote:
- Blatant screen scraping is a violation of the terms of service
for RHN .. so where is a SOURCE of information for something like this:
https://rhn.redhat.com/errata/RHSA-2014-2024.html
If you read this: https://access.redhat.com/help/terms/
then, one can not just grab all the info on that errata page and distribute it .. which is why we LINK to it and not distribute it currently.
So, the first issue is that one must find a source for the information that would go into the 'updateinfo.xml' file that is always maintained and is available to read and to redistribute.
- If someone comes up with a place to get said data, THEN we could
properly publish that data in some way.
Thanks, Johnny Hughes
Can't we just ask Red Hat if it's OK for CentOS to use the data for its updateinfo.xml? Is there some official communication channel between the CentOS Project and Red Hat?
Maybe you missed the big announcement:
http://lists.centos.org/pipermail/centos-announce/2014-January/020100.html
Sure, but they aren't likely to let us.
The purpose of CentOS within the Red Hat ecosystem is explained here:
http://community.redhat.com/centos-faq/
CentOS is open source, so you can use it however you want and for what ever you are comfortable using it for .. however, giving special dispensation to violate terms of service of RHN to make CentOS more usable than it already is in the enterprise is not high on their priority list.
They are not taking any action to make it in any way less usable, but they are also not going to do anything to make it easier either.
What we need is a way to get that info from another place.
Maybe the oval data, if it has all the required information and if the Terms of Service allow for that.
Someone in the Community needs to research that and see if it is usable or if there is some other source for the information that can then be modified to create the updateinfo.xml file.
On 2015-01-06, Johnny Hughes johnny@centos.org wrote:
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4697670779706124595== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="MBFscW2dH0g022mxj8O937qiaWFFIRB5O"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MBFscW2dH0g022mxj8O937qiaWFFIRB5O Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable
On 01/06/2015 04:25 AM, Liam O'Toole wrote:
On 2015-01-06, Somers-Harris, David | David | OPS david.somers-harris@mail.rakuten.com wrote:
- Blatant screen scraping is a violation of the terms of service
for RHN .. so where is a SOURCE of information for something like this:
https://rhn.redhat.com/errata/RHSA-2014-2024.html
If you read this: https://access.redhat.com/help/terms/
then, one can not just grab all the info on that errata page and distribute it .. which is why we LINK to it and not distribute it currently.
So, the first issue is that one must find a source for the information that would go into the 'updateinfo.xml' file that is always maintained and is available to read and to redistribute.
- If someone comes up with a place to get said data, THEN we
could properly publish that data in some way.
Thanks, Johnny Hughes
Can't we just ask Red Hat if it's OK for CentOS to use the data for its updateinfo.xml? Is there some official communication channel between the CentOS Project and Red Hat?
=20 Maybe you missed the big announcement: =20 http://lists.centos.org/pipermail/centos-announce/2014-January/020100.h=
tml
=20
Sure, but they aren't likely to let us.
The purpose of CentOS within the Red Hat ecosystem is explained here:
http://community.redhat.com/centos-faq/
CentOS is open source, so you can use it however you want and for what ever you are comfortable using it for .. however, giving special dispensation to violate terms of service of RHN to make CentOS more usable than it already is in the enterprise is not high on their priority list.
They are not taking any action to make it in any way less usable, but they are also not going to do anything to make it easier either.
What we need is a way to get that info from another place.
Maybe the oval data, if it has all the required information and if the Terms of Service allow for that.
Someone in the Community needs to research that and see if it is usable or if there is some other source for the information that can then be modified to create the updateinfo.xml file.
Thanks for all that. My contribution was in response to the question "Is there some official communication channel between the CentOS Project and Red Hat?" I should have trimmed more carefully and saved you some keystrokes.
On 01/06/2015 12:03 PM, Liam O'Toole wrote:
Thanks for all that. My contribution was in response to the question "Is there some official communication channel between the CentOS Project and Red Hat?" I should have trimmed more carefully and saved you some keystrokes.
Nope. We're still air-gapped from the RHEL business units. We have lines of communication to other RH community projects, but nothing that would line up with this thread.
On 01/07/2015 3:04 AM, Liam O'Toole wrote:
Maybe you missed the big announcement: http://lists.centos.org/pipermail/centos-announce/2014-January/020100.html
Thanks for this Liam! It gave me a lot of context I was missing.
On 01/07/2015 4:25 AM, Jim Perrin wrote:
Nope. We're still air-gapped from the RHEL business units. We have lines of communication to other RH community projects, but nothing that would line up with this thread.
Maybe I'm being a bit of an optimist - I don't know much about Red Hat Inc.'s culture - but can't somebody just pop into the Red Hat Legal department and ask some clarifying questions? Maybe they're more willing to help improve CentOS than we think ... would it hurt to ask?
On 01/07/2015 12:25 AM, Johnny Hughes wrote:
What we need is a way to get that info from another place. Maybe the oval data, if it has all the required information and if the Terms of Service allow for that. Someone in the Community needs to research that and see if it is usable or if there is some other source for the information that can then be modified to create the updateinfo.xml file.
How do we know if the ToU allow for it? Is there a way to check? Whatever we do we have to look at the metadata provided via RHN or Red Hat website in order to make judgments about what the purpose of the change is. What does the CentOS Project currently do for Release Notes?
On 01/05/2015 04:37 PM, Johnny Hughes wrote:
- If someone comes up with a place to get said data, THEN we could
properly publish that data in some way.
get it, then validate it, then we can push it as known correct.
-
Jim Perrin -
Johnny Hughes -
Jonathan Billings -
Karanbir Singh -
Keith Keller -
Liam O'Toole -
Somers-Harris, David | David | OPS -
Steven Crothers -
Sven Kieske