On 01/21/2015 05:41 PM, Jim Perrin wrote: > > > On 01/21/2015 10:06 AM, Tony Coffman wrote: >> On Wed, Jan 21, 2015 at 6:28 AM, Karanbir Singh <mail-lists at karan.org> wrote: >>> >>> the question isnt 'how' its just a xml file, you can write it by hand if >>> you wish. the question is what do we put inside it and how do we make >>> sure what we put inside it is accurate. >>> >> >> >> Why not do a minimal version that simply includes the information from >> the centos-announce mailing list and no external data? There are a >> few other errata fields that can simply be filled in with "not >> available". This minimal solution is nearly there using existing open >> source scripts tied together. > > If someone from the community would be willing to script something up > for this we can take a look at it. I've been toying with the idea of > adding an rss feed to www.centos.org for the repositories in place of > updateinfo, mostly since Johnny is quite correct, we don't validate cve > closure, so providing that info as if we do seems a bit wrong. would just repo-rss work for that rss feed on www.centos.org ? > >> People are effectively doing a version of this today if they are using >> CEFS without OVAL data or if they are using one of the many >> centos-announce mailing list errata scraping tools without RHN or OVAL >> data. That means this usage is important to at least some portion of >> the community. >> >> The result will be a bare bones updateinfo.xml but it would still be >> useful to many. >> >> Community members who need CVE fix assurances or detailed errata >> should be paying Red Hat for proper support anyway. > > > Agreed. > -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc