[CentOS-devel] yum-plugin-security and shellshock

Tue Sep 30 16:28:44 UTC 2014
Pat Riehecky <riehecky at fnal.gov>

On 09/30/2014 11:10 AM, Kevin Stange wrote:
> On 09/30/2014 10:03 AM, Nux! wrote:
>> What needs to happen for that?
> We had a short discussion about it here:
>
> http://lists.centos.org/pipermail/centos-devel/2014-September/011893.html
>
> The issue is that something during the issuance of new updates has to
> build a persistent list of CExAs and then regenerate the updateinfo.xml
> while building the repo update.
>
> Right now CentOS pushes the update notices directly to the mailing list
> and doesn't store that data anywhere to generate the XML file.  The only
> way I know to build historical updateinfo.xml would be to scrape the
> mailing list for all previous data.  Needed are release ID, package
> (name, version, release, arch), SHA sum, release type (bug, enhancement,
> new package, security), severity (if security), reference URL, summary,
> additional description (if any).
>
> SL publishes updateinfo.xml so if someone has insight into how they
> manage it, perhaps we could make use of the process to shoehorn into
> CentOS. See:
>
> http://ftp.scientificlinux.org/linux/fermi/scientific/6x/x86_64/updates/security/repodata/updateinfo.xml
>

All the SL tools are published at: 
https://cdcvs.fnal.gov/redmine/projects/python-updateinfo

Pat

-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/
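The quoted message lists the fields each update notice needs before an updateinfo.xml can be regenerated for yum-plugin-security. The sketch below is an added example, not part of this thread and not code from the SL python-updateinfo tools: it turns a stored notice record into updateinfo XML and rejects security notices that lack a severity. The record layout, the `build_updateinfo` name, the sender address, and every sample value (advisory ID, package, URL, checksum input) are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample notice; all values are placeholders, not a real advisory.
SAMPLE_NOTICES = [{
    "id": "CEXA-0000:0001", "type": "security", "severity": "Critical",
    "issued": "2014-09-30 00:00:00", "release": "CentOS 6",
    "summary": "Placeholder security update for examplepkg",
    "description": "", "url": "https://example.invalid/advisory/0001",
    "packages": [{
        "name": "examplepkg", "version": "1.0", "release": "2.el6",
        "epoch": "0", "arch": "x86_64",
        "sha256": hashlib.sha256(b"constructed rpm bytes").hexdigest(),
    }],
}]
VALID_TYPES = {"security", "bugfix", "enhancement", "newpackage"}

def build_updateinfo(notices, sender="announce@example.invalid"):
    """Return updateinfo XML (as a string) for a list of notice records."""
    root = ET.Element("updates")
    for n in notices:
        if n["type"] not in VALID_TYPES:
            raise ValueError("unknown release type: %r" % n["type"])
        if n["type"] == "security" and not n.get("severity"):
            raise ValueError("security notice %s has no severity" % n["id"])
        upd = ET.SubElement(root, "update", {
            "from": sender, "status": "stable",
            "type": n["type"], "version": "1"})
        for tag, key in (("id", "id"), ("title", "summary"),
                         ("release", "release")):
            ET.SubElement(upd, tag).text = n[key]
        ET.SubElement(upd, "issued", date=n["issued"])
        if n["type"] == "security":
            ET.SubElement(upd, "severity").text = n["severity"]
        refs = ET.SubElement(upd, "references")
        ET.SubElement(refs, "reference", href=n["url"], id=n["id"],
                      type="self", title=n["summary"])
        # Fall back to the summary when no additional description exists.
        ET.SubElement(upd, "description").text = n["description"] or n["summary"]
        coll = ET.SubElement(ET.SubElement(upd, "pkglist"), "collection",
                             short=n["release"])
        ET.SubElement(coll, "name").text = n["release"]
        for p in n["packages"]:
            attrs = {k: p[k] for k in ("name", "version", "release", "epoch", "arch")}
            pkg = ET.SubElement(coll, "package", attrs)
            ET.SubElement(pkg, "filename").text = (
                "{name}-{version}-{release}.{arch}.rpm".format(**p))
            ET.SubElement(pkg, "sum", type="sha256").text = p["sha256"]
    return ET.tostring(root, encoding="unicode")
```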