On 01/21/2015 04:22 PM, Karanbir Singh wrote:
> On 01/21/2015 05:41 PM, Jim Perrin wrote:
>>
>> On 01/21/2015 10:06 AM, Tony Coffman wrote:
>>> On Wed, Jan 21, 2015 at 6:28 AM, Karanbir Singh <mail-lists at karan.org> wrote:
>>>>
>>>> the question isn't 'how', it's just an xml file, you can write it by hand if
>>>> you wish. the question is what do we put inside it and how do we make
>>>> sure what we put inside it is accurate.
>>>>
>>>
>>> Why not do a minimal version that simply includes the information from
>>> the centos-announce mailing list and no external data? There are a
>>> few other errata fields that can simply be filled in with "not
>>> available". This minimal solution is nearly there using existing open
>>> source scripts tied together.
>>
>> If someone from the community would be willing to script something up
>> for this we can take a look at it. I've been toying with the idea of
>> adding an rss feed to www.centos.org for the repositories in place of
>> updateinfo, mostly since Johnny is quite correct, we don't validate cve
>> closure, so providing that info as if we do seems a bit wrong.
>
> would just repo-rss work for that rss feed on www.centos.org ?

That was what I was thinking, yeah.

>>
>>> People are effectively doing a version of this today if they are using
>>> CEFS without OVAL data or if they are using one of the many
>>> centos-announce mailing list errata scraping tools without RHN or OVAL
>>> data. That means this usage is important to at least some portion of
>>> the community.
>>>
>>> The result will be a bare bones updateinfo.xml but it would still be
>>> useful to many.
>>>
>>> Community members who need CVE fix assurances or detailed errata
>>> should be paying Red Hat for proper support anyway.
>>
>>
>> Agreed.
>>
>

--
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77