On 02/07/2018 01:38 PM, Kevin Fenzi wrote:
> We don't have any way to track
> security issues for all the frozen set do we?

There is a way to declare that you have bundled dependencies. I did this
for some of Bodhi's JavaScript stuff:

https://src.fedoraproject.org/rpms/bodhi/blob/bea0e164fdcd946f720ff0cebefb7830f73de8ff/f/bodhi.spec#_154-171

Basically you do this:

Provides: bundled(bootstrap) = 3.0.1

This way it is possible to search the collection of RPMs for all that
contain versions of dependencies with known security issues.
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
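
The search described in the message above, sketched as an added example (not part of the original e-mail and not Fedora's or Bodhi's own tooling): it collects Provides: bundled(name) = version declarations from spec text and flags those older than a first fixed version. The spec snippets, the package names other than bodhi, the library "examplelib", the advisory table and the simplified version ordering are all assumptions made for illustration.

```python
import re

# Matches a spec line such as: Provides: bundled(bootstrap) = 3.0.1
BUNDLED_RE = re.compile(
    r"^[ \t]*Provides:[ \t]*bundled\(([^)]+)\)[ \t]*=[ \t]*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def bundled_provides(spec_text):
    """Return {library: version} for every bundled() Provides in a spec."""
    return {m.group(1): m.group(2) for m in BUNDLED_RE.finditer(spec_text)}

def version_key(version):
    """Simplified ordering (assumption: not the full rpmvercmp algorithm).
    Segments are compared in order; digits numerically and above letters."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return [(1, int(p), "") if p.isdigit() else (0, 0, p) for p in parts]

def affected(specs, advisories):
    """specs: {package: spec_text}; advisories: {library: first_fixed_version}.
    Return sorted (package, library, bundled_version, fixed_version) tuples."""
    hits = []
    for package, text in specs.items():
        for lib, ver in bundled_provides(text).items():
            fixed = advisories.get(lib)
            if fixed and version_key(ver) < version_key(fixed):
                hits.append((package, lib, ver, fixed))
    return sorted(hits)

# Constructed sample input: only the bootstrap 3.0.1 line comes from the e-mail.
SPECS = {
    "bodhi": "Name: bodhi\nProvides: bundled(bootstrap) = 3.0.1\n",
    "otherapp": ("Name: otherapp\n"
                 "Provides: bundled(bootstrap) = 3.1.2\n"
                 "Provides: bundled(examplelib) = 1.10.0\n"),
    "thirdapp": "Name: thirdapp\nProvides: bundled(examplelib) = 1.8.3\n",
}
# Constructed advisory table: these fixed versions are made up, not real advisories.
ADVISORIES = {"bootstrap": "3.1.0", "examplelib": "1.9.0"}

if __name__ == "__main__":
    for package, lib, ver, fixed in affected(SPECS, ADVISORIES):
        print(f"{package}: bundled({lib}) = {ver} is older than fixed {fixed}")
```

Note that 1.10.0 is correctly treated as newer than 1.9.0; a plain string comparison of the versions would flag it by mistake.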