Re: radical suggestion for fc4 release

Changelog entries that refer to specific bug numbers or CAN numbers can be quite helpful in this regard.

What would be incredibly useful is to move (to being a Provides) the CVE names for issues that we're including a backported fix for. Where we've moved to an upstream version that contains fixes, those CVE names are less important as they can be deduced by a simple NV check.


Just before each FC release the security team here go through a few years of security issues normalized to CVE names and make a list of how each FC package fixed it ("not vulnerable due to upstream version" or "contains backported fix"). It helps catch any missing fixes too ;)

(This is something I'm thinking we'll try to do after our FC4 audit).

Cheers, Mark
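
The audit described in the message above, as an added example that is not part of the original post or of any Fedora tooling. It assumes backported fixes are advertised as plain `CVE-...` entries in a package's Provides, uses constructed package data with placeholder CVE names, and substitutes a simplified version compare for RPM's real one.

```python
import re
from itertools import zip_longest

def vercmp(a, b):
    """Simplified RPM-style compare (assumption: no epoch, release or tilde handling)."""
    seg = lambda v: re.findall(r"\d+|[A-Za-z]+", v)
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None:
            return -1                      # a ran out first, so b is newer
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # compare numerically: 10 > 9
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return 0

def audit(packages, issues):
    """Return {(cve, package): status} for each issue against a shipped package."""
    report = {}
    for cve, affected in issues.items():
        for name, fixed_upstream in affected.items():
            pkg = packages.get(name)
            if pkg is None:
                continue                   # package not shipped in this release
            if vercmp(pkg["version"], fixed_upstream) >= 0:
                status = "not vulnerable due to upstream version"  # the NV check
            elif cve in pkg["provides"]:
                status = "contains backported fix"
            else:
                status = "MISSING FIX"     # what the audit is meant to catch
            report[(cve, name)] = status
    return report

# Constructed sample data: package names, versions and CVE names are placeholders.
PACKAGES = {
    "examplelib":  {"version": "1.2.8",  "provides": {"examplelib", "CVE-0000-0001"}},
    "exampled":    {"version": "2.0.54", "provides": {"exampled"}},
    "exampletool": {"version": "0.9.7a", "provides": {"exampletool"}},
}
# CVE name -> {package: first upstream version containing the fix}
ISSUES = {
    "CVE-0000-0001": {"examplelib": "1.2.9"},
    "CVE-0000-0002": {"exampled": "2.0.53"},
    "CVE-0000-0003": {"exampletool": "0.9.8"},
}

if __name__ == "__main__":
    for (cve, name), status in sorted(audit(PACKAGES, ISSUES).items()):
        print(f"{cve}  {name:12} {status}")
```

On a real system the Provides set for each package could be filled from `rpm -q --provides <package>`.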

