On 09/16/2014 05:41 AM, Karanbir Singh wrote: > My question still remains : where is this data going to come from and > who is taking ownership of validating the CVE's and bugfix's etc ? That is unimportant to me. There's already "data", a link to the RH web site, along with a list of packages that are updated, and a CESA, CEBA or CEEA number, which flags the type of fix as bug, security, or enhancement. That's all I care about having in updateinfo.xml. I don't care, if you can't list every individual CVE and fix in the description. I just care that in spacewalk, when it syncs the repo, it automatically associates each update with what type of fix it is and provides the relevant link into RH's web site for further details to those interested. Trying to do this with the mailing list is imprecise and buggy because there are emails that slightly vary in format and the API spacewalk has for adding errata is less robust than its means for directly importing it from an updateinfo.xml. > if we can come up with a reasonable answer to that question - then we > can move to the next stage of writing the code that generates and > process's the information. I hope that answer's reasonable. I don't feel like there is any need for this to be more complicated than just generating what you already do into an updateinfo.xml file. It's more useful than nothing. > in terms of what we do at the moment, this sums it up : > > sha256sum * > mail centos-announce at centos.org Somehow you get a link to RH and issue a CEXA number for each update. Where does that come from? -- Kevin Stange Chief Technology Officer Steadfast | http://steadfast.net Phone: 312-602-2689 ext. 203 | Fax: 312-602-2688