On 09/16/2014 04:39 PM, Kevin Stange wrote: > On 09/16/2014 05:41 AM, Karanbir Singh wrote: >> My question still remains : where is this data going to come from and >> who is taking ownership of validating the CVE's and bugfix's etc ? > > That is unimportant to me. > > There's already "data", a link to the RH web site, along with a list of > packages that are updated, and a CESA, CEBA or CEEA number, which flags > the type of fix as bug, security, or enhancement. That's all I care > about having in updateinfo.xml. I don't care, if you can't list every > individual CVE and fix in the description. sounds good, do you want to propose some code that helps make this happen ? there is the update-repo scripts already there, those can be overloaded to make this happen. >> sha256sum * > mail centos-announce at centos.org > Somehow you get a link to RH and issue a CEXA number for each update. > Where does that come from? thats a manual process, someone hasto go look and find it :( -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc