Re: Merging Core and Extras affecting security updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 16, 2007 at 09:19:07AM -0500, Josh Bressers wrote:
> The biggest missing puzzle piece is the lack of tools.  I'm currently working
> on some tools to more easily track CVE ids via a clever bugzilla interface.  I
> have some notes on how I plan to do this elsewhere.  I can post them at a
> later date if anyone is interested.  The bigger tool I'm looking for is the
> package release tool.  It's likely that the security team will want to view
> the text of all security updates and edit it if needed.  I've mailed lmacken
> requesting this ability, he has informed me that the functionality is there.
> I'm of the impression that as long as the team has the right tools, we can
> operate very efficiently and handle the current inflow of issues.

I'd be interested in seeing the details of your Bugzilla CVE tracking.

The new package updating system, bodhi[0], currently keeps track of all
Bugzilla's and CVEs in their own tables.  Upon adding an update, the
system grabs the bugs and checks them for a 'Security' keyword, and
changes the type of the update accordingly.  All of this fun stuff can
be found in the model[1].

The 'New Update' form currently has an embargo field; can this safely be
removed ?

I also would like to completely revamp the current update notifications,
mainly to include references such as Bugs, CVE's, and maybe security
impact and such if available ?

luke

[0]: https://hosted.fedoraproject.org/projects/bodhi/ (I have yet to
migrate the stuff on the UpdatesSystem wiki[2] here yet)
[1]: https://hosted.fedoraproject.org/projects/bodhi/browser/bodhi/model.py
[2]: http://fedoraproject.org/wiki/Infrastructure/UpdatesSystem

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux