[CentOS-devel] yum-plugin-security and shellshock

Tue Sep 30 16:10:02 UTC 2014
Kevin Stange <kevin at steadfast.net>

On 09/30/2014 10:03 AM, Nux! wrote:
> What needs to happen for that?

We had a short discussion about it here:

http://lists.centos.org/pipermail/centos-devel/2014-September/011893.html

The issue is that something during the issuance of new updates has to
build a persistent list of CExAs and then regenerate the updateinfo.xml
while building the repo update.

Right now CentOS pushes the update notices directly to the mailing list
and doesn't store that data anywhere to generate the XML file.  The only
way I know to build historical updateinfo.xml would be to scrape the
mailing list for all previous data.  Needed are release ID, package
(name, version, release, arch), SHA sum, release type (bug, enhancement,
new package, security), severity (if security), reference URL, summary,
additional description (if any).

SL publishes updateinfo.xml so if someone has insight into how they
manage it, perhaps we could make use of the process to shoehorn into
CentOS. See:

http://ftp.scientificlinux.org/linux/fermi/scientific/6x/x86_64/updates/security/repodata/updateinfo.xml

-- 
Kevin Stange
Chief Technology Officer
Steadfast | http://steadfast.net
Phone: 312-602-2689 ext. 203 | Fax: 312-602-2688
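
Added example, not part of the original message and not CentOS or SL tooling: a sketch of turning one scraped advisory record, carrying the fields listed above, into an updateinfo.xml entry. The element layout follows the common updateinfo.xml structure and should be checked against the SL file linked above; the record values, the sha256 choice and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# CExA prefixes mapped to the updateinfo "type" attribute.
TYPE_BY_PREFIX = {"CESA": "security", "CEBA": "bugfix", "CEEA": "enhancement"}

# Constructed record: every value is a placeholder, not a real advisory.
SAMPLE = {
    "id": "CESA-0000:0000",
    "summary": "Critical examplepkg security update",
    "severity": "Critical",
    "reference": "https://advisories.example.invalid/CESA-0000-0000.html",
    "packages": [{"name": "examplepkg", "version": "1.0", "release": "1.el6",
                  "arch": "x86_64", "sha256": "0" * 64}],
}


def build_update(adv):
    """Build one <update> element from a scraped advisory record."""
    prefix = adv["id"].split("-", 1)[0]
    if prefix not in TYPE_BY_PREFIX:
        raise ValueError("unknown advisory prefix: %r" % prefix)
    utype = TYPE_BY_PREFIX[prefix]
    upd = ET.Element("update", {"type": utype, "status": "final"})
    ET.SubElement(upd, "id").text = adv["id"]
    ET.SubElement(upd, "title").text = adv["summary"]
    if utype == "security":  # severity only exists for security notices
        if not adv.get("severity"):
            raise ValueError("security advisory without severity")
        ET.SubElement(upd, "severity").text = adv["severity"]
    if adv.get("description"):  # optional free-text description
        ET.SubElement(upd, "description").text = adv["description"]
    refs = ET.SubElement(upd, "references")
    ET.SubElement(refs, "reference", {"href": adv["reference"],
                                      "id": adv["id"], "type": "self"})
    coll = ET.SubElement(ET.SubElement(upd, "pkglist"), "collection")
    for p in adv["packages"]:
        nvra = {k: p[k] for k in ("name", "version", "release", "arch")}
        pkg = ET.SubElement(coll, "package", nvra)
        ET.SubElement(pkg, "filename").text = (
            "{name}-{version}-{release}.{arch}.rpm".format(**nvra))
        ET.SubElement(pkg, "sum", {"type": "sha256"}).text = p["sha256"]
    return upd


def build_updateinfo(advisories):
    """Serialize all advisories under a single <updates> root."""
    root = ET.Element("updates")
    root.extend([build_update(a) for a in advisories])
    return ET.tostring(root, encoding="unicode")
```

The resulting file would be attached to the repository metadata as part of the repo build, for instance with createrepo's modifyrepo tool.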