[CentOS-devel] Errata in the Repo

Karanbir Singh

mail-lists at karan.org
Tue Sep 16 15:46:00 UTC 2014


On 09/16/2014 04:39 PM, Kevin Stange wrote:
> On 09/16/2014 05:41 AM, Karanbir Singh wrote:
>> My question still remains : where is this data going to come from and
>> who is taking ownership of validating the CVE's and bugfix's etc ?
> 
> That is unimportant to me.
> 
> There's already "data", a link to the RH web site, along with a list of
> packages that are updated, and a CESA, CEBA or CEEA number, which flags
> the type of fix as bug, security, or enhancement.  That's all I care
> about having in updateinfo.xml.  I don't care, if you can't list every
> individual CVE and fix in the description.

sounds good, do you want to propose some code that helps make this
happen ? there is the update-repo scripts already there, those can be
overloaded to make this happen.

>> sha256sum * > mail centos-announce at centos.org
> Somehow you get a link to RH and issue a CEXA number for each update.
> Where does that come from?

thats a manual process, someone hasto go look and find it :(

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc



More information about the CentOS-devel mailing list