Re: Fedora Extras Security Response Team

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Fri, 28 Apr 2006, Josh Bressers wrote:
> 
> > If you're interested, feel free to chime in.
> 
> I'm interested as well
> 
> > We will need a package manifest.  Basically a file that tells us which
> > packages and versions we're currently shipping in extras.  A tool to
> > generate this will also be needed since we'll want to update this file on a
> > regular basis.  Given how fast Extras changes I think this will be the
> > easiest way to check if we currently ship package <foo>.
> 
> What's the scope here? Should it cover what's in CVS or what's built and 
> shipped as a package? I can see pros and cons each way

I think it's important to keep an eye out for new things, but also there's
no reason to track a deprecated package that also happens to be in CVS.  A
blend of the two will be needed.

> 
> Also, does it need to be part of the Fedora infrastructure stuff (say, a 
> script run on the repository every time a package push hits), or can it be 
> client-side (say, once a day I check out CVS trees for FE, walk them to 
> see what's in them, check results into fedora-security/package or 
> whatever)

I was thinking that initially we just run a manual client side process from
time to time.  Eventually I would like to see an automated process that
updates a package manifest.

-- 
    JB


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux