On Tue, 2005-02-01 at 16:02 +0100, Arjan van de Ven wrote: > On Tue, 2005-02-01 at 09:50 -0500, Jeff Spaleta wrote: > > On Tue, 1 Feb 2005 09:28:45 +0000 (GMT), Mark J Cox <mjc@xxxxxxxxxx> wrote: > > > What would be incredibly useful is to move (to being a Provides) the CVE > > > names for issues that we're including a backported fix for. Where we've > > > moved to an upstream version that contains fixes those CVE names are less > > > important as they can be deduced by a simple NV check. > > > > I look forward to building pathological packages that have a requires > > on a CVE name provides. > > fedora-secure-system > > could require all the CVE's that are ciritical to be fixed > yum update fedora-secure-system > would then only pull security updates down.... I agree with Jeremy. I think this is data that should be housed outside of the package. We're going to need to figure out how to do this anyway. -sv
