Re: Unhelpful update descriptions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 14/03/13 08:34 AM, Przemek Klosowski wrote:
On 03/12/2013 09:42 PM, Rahul Sundaram wrote:
On 03/12/2013 08:17 PM, Jasper St. Pierre wrote:
What is the point of the RPM changelog then?

RPM changelog is for packaging changes.  Bodhi update notes are for the
user.  They are not merely redundant copies of the same information.

Aah, wait a minute. I was tickled pink when I discovered that I can look
for vulnerability profile of a package by doing

rpm --changelog -q php | grep CVE

if RPM changelog is for packaging only this info wouldn't be there,
right? If so, what would you recommend as a replacement?

I don't think you can rely on it anyway. I'd expect the CVE to show up in the changelog any time a package update was rolled specifically to backport one or a group of CVE fixes as patches - as that's effectively a packaging change - but not necessarily if an upstream point release included some CVE fixes.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux