-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jesse Keating schrieb:
| Here is what I have as an example layout:
|
| Subject: [FLSA-2004:${bugzillaID}] Updated sendmail resolves security
| vulnerabilitySome thoughts:
What's the difference between "Issue Date" and "Updated on"? If another update becomes nescessary it should get a new Bugzilla entry.
Cross references should also include links to the upstream, CVE, CERT, Bugtraq, Full-Disclosure, ... announcements
If a service like sshd or httpd gets an update and the post-install scripts don't restart the service automatically a note should be added how to restart the service manually.
The MD5SUMS and file sizes of the rpms HAVE TO BE listed.
The rpm changelog should be listed.
Best regards.
- -- Dipl.-Ing. (FH) Bernd Bartmann <Bernd.Bartmann@xxxxxxxxxx> I.S. Security and Network Engineer SoHaNet Technology GmbH / Kaiserin-Augusta-Allee 10-11 / 10553 Berlin Fon: +49 30 214783-44 / Fax: +49 30 214783-46 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAAJBjkQuIaHu84cIRAgazAKCUVCXQTnp+84DGsg2kxwd0ZsWcegCfaWDR Y9ApUqvfjil5vIyacft7Ihs= =Gtze -----END PGP SIGNATURE-----
