On 09/16/2014 10:46 AM, Karanbir Singh wrote: > On 09/16/2014 04:39 PM, Kevin Stange wrote: >> On 09/16/2014 05:41 AM, Karanbir Singh wrote: >>> My question still remains : where is this data going to come from and >>> who is taking ownership of validating the CVE's and bugfix's etc ? >> >> That is unimportant to me. >> >> There's already "data", a link to the RH web site, along with a list of >> packages that are updated, and a CESA, CEBA or CEEA number, which flags >> the type of fix as bug, security, or enhancement. That's all I care >> about having in updateinfo.xml. I don't care, if you can't list every >> individual CVE and fix in the description. > > sounds good, do you want to propose some code that helps make this > happen ? there is the update-repo scripts already there, those can be > overloaded to make this happen. I'll give this a look and see what can be done. The question is how and where to store the previous errata content. Is it already kept somewhere or would we just have to scrape it all off the mailing list to recover what's already been sent? >>> sha256sum * > mail centos-announce at centos.org >> Somehow you get a link to RH and issue a CEXA number for each update. >> Where does that come from? > > thats a manual process, someone hasto go look and find it :( Is there a script that assembles the email or is it a copy and paste job? -- Kevin Stange Chief Technology Officer Steadfast | http://steadfast.net Phone: 312-602-2689 ext. 203 | Fax: 312-602-2688