On 11.11.2014 16:26, Vít Ondruch wrote:
Dne 11.11.2014 v 16:17 Václav Pavlín napsal(a):
I also have one more topic...
Software written in Go is linked statically and we are not able to
figure out which version of Go was used during build. Means that
despite we have latest Go with all CVE fixed in Fedora, we still have
these CVEs in some packages built from old Go releases.
I've heard someone to mention we could use "Bundles" tag in RPM header
to track this.
You mean bundled virtual provide, e.g. "Provides: bundled(go) = 1.0.0"
etc. See
https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle
for more information.
Thanks!
That's probably it, although I think we need to set this automatically
during the build to make it useful.
Vašek
Vít
I am not sure if I understood it correctly as I hasn't been able to
find anything about it... With this said I am CCing Florian once again
to help us out:)
Regards,
Vašek
On 11.11.2014 15:47, Jaroslav Reznik wrote:
----- Original Message -----
Agenda:
- Status buildrequires cleanup work (davids & nils!)
- Update on factory-reset work
- Docker update
- Open Floor
One more topic - generic network install images, there was a question
raised, if Base WG would like to take care of it. I'll provide more
details
in the meeting.
Jaroslav
Last meeting logs:
<http://meetbot.fedoraproject.org/fedora-meeting/2014-10-31/fedora_base_design_working_group.2014-10-31-15.02.log.html>
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
--
Lead Infrastructure Engineer
Developer Experience
Brno, Czech Republic
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
