Dne 11.11.2014 v 16:17 Václav Pavlín napsal(a): > I also have one more topic... > > Software written in Go is linked statically and we are not able to > figure out which version of Go was used during build. Means that > despite we have latest Go with all CVE fixed in Fedora, we still have > these CVEs in some packages built from old Go releases. > > I've heard someone to mention we could use "Bundles" tag in RPM header > to track this. You mean bundled virtual provide, e.g. "Provides: bundled(go) = 1.0.0" etc. See https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle for more information. Vít > I am not sure if I understood it correctly as I hasn't been able to > find anything about it... With this said I am CCing Florian once again > to help us out:) > > Regards, > Vašek > > On 11.11.2014 15:47, Jaroslav Reznik wrote: >> ----- Original Message ----- >>> Agenda: >>> - Status buildrequires cleanup work (davids & nils!) >>> - Update on factory-reset work >>> - Docker update >>> - Open Floor >> One more topic - generic network install images, there was a question >> raised, if Base WG would like to take care of it. I'll provide more >> details >> in the meeting. >> >> Jaroslav >> >>> Last meeting logs: >>> <http://meetbot.fedoraproject.org/fedora-meeting/2014-10-31/fedora_base_design_working_group.2014-10-31-15.02.log.html> >>> >>> -- >>> devel mailing list >>> devel@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/devel >>> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
