On 14/03/13 08:34 AM, Przemek Klosowski wrote:
> On 03/12/2013 09:42 PM, Rahul Sundaram wrote:
>> On 03/12/2013 08:17 PM, Jasper St. Pierre wrote:
>>> What is the point of the RPM changelog then?
>> RPM changelog is for packaging changes. Bodhi update notes are for the
>> user. They are not merely redundant copies of the same information.
> Aah, wait a minute. I was tickled pink when I discovered that I can look
> for vulnerability profile of a package by doing
>
>     rpm --changelog -q php | grep CVE
>
> if RPM changelog is for packaging only this info wouldn't be there,
> right? If so, what would you recommend as a replacement?

I don't think you can rely on it anyway. I'd expect the CVE to show up
in the changelog any time a package update was rolled specifically to
backport one or a group of CVE fixes as patches - as that's effectively
a packaging change - but not necessarily if an upstream point release
included some CVE fixes.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
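
Added example, not part of the original thread: a sketch of the distinction drawn in the reply above. It reads `rpm -q --changelog` style text entry by entry, lists the CVE ids each entry names, and flags entries that read as an upstream version bump but name no CVE, which is where grepping the changelog is silent. The function names, the "update to" wording heuristic and the sample changelog (with placeholder CVE ids) are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Input: `rpm -q --changelog <pkg>` text.
# Output per entry: <version> TAB <CVE|REBASE-NO-CVE|NONE> TAB <ids or ->.
changelog_cve_report() {
    awk '
    function emit() {
        if (hdr == "") return
        if (cves != "") printf "%s\tCVE\t%s\n", ver, cves
        else if (bump)  printf "%s\tREBASE-NO-CVE\t-\n", ver
        else            printf "%s\tNONE\t-\n", ver
    }
    /^\* / {    # entry header: "* <date> <packager> - <version-release>"
        emit()
        hdr = $0; ver = $NF; cves = ""; bump = 0
        next
    }
    {
        line = $0
        # Assumed heuristic: wording that suggests an upstream version bump.
        if (tolower(line) ~ /(update|upgrade|rebase)[a-z]* to /) bump = 1
        # Collect every distinct CVE id named on this line.
        while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
            id = substr(line, RSTART, RLENGTH)
            if (index("," cves ",", "," id ",") == 0)
                cves = (cves == "" ? id : cves "," id)
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END { emit() }
    '
}

# Constructed sample changelog; the CVE ids are placeholders, not real ones.
sample_changelog() {
    cat <<'EOF'
* Wed Mar 06 2013 Example Packager <packager@example.org> - 5.4.13-1
- update to 5.4.13
* Wed Feb 20 2013 Example Packager <packager@example.org> - 5.4.12-2
- backport upstream fix for a parser overflow (CVE-0000-1111)
- backport upstream fix, second issue (CVE-0000-2222)
* Wed Jan 16 2013 Example Packager <packager@example.org> - 5.4.12-1
- fix typo in spec file
EOF
}

sample_changelog | changelog_cve_report
```

A `REBASE-NO-CVE` row is not a finding: it marks an entry where the changelog cannot say whether the upstream release carried security fixes.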