Re: radical suggestion for fc4 release

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Nigel Metheringham wrote:
On Tue, 2005-02-01 at 16:02 +0100, Arjan van de Ven wrote:

On Tue, 2005-02-01 at 09:50 -0500, Jeff Spaleta wrote:

I look forward to building pathological packages that have a requires
on a CVE name provides.

fedora-secure-system


could require all the CVE's that are ciritical to be fixed yum update fedora-secure-system would then only pull security updates down....


This sort of requires a way to handle packages that you don't install -
for example package flurble needs an empty package not-flurble (which
conflicts with flurble) so that when CAN-9999-999 is issued for flurble,
which then means fedora-secure-system now requires CAN-9999-999, a new
empty not-flurble can also provide the CVE name.
...
This makes my head hurt.

How about fedora-secure-system have Conflicts: flurble <= <vulnerable version> # CAN-9999-999

If a package is known to be vulnerable, it conflicts with a secure system.

Wouldn't that accomplish what you want? It will install in the absence of flurble, but if a vulnerable version is installed, it will (should?) cause an upgrade.

Hmm.... And if there is no upgrade available, maybe a remove... In fact, I kind of like that idea. Update fedora-secure-system immediately upon disclosure of a problem, even in absense of a fix. Sysadmins can decide to uninstall or remain insecure based on whatever their constraints are.

Thoughts?

Eli
--------------------. "If it ain't broke now,
Eli Carter           \                  it will be soon." -- crypto-gram
eli.carter(a)inet.com `-------------------------------------------------



------------------------------------------------------------------------
Confidentiality Notice:   This e-mail transmission may contain
confidential and/or privileged information that is intended only for the
individual or entity named in the e-mail address. If you are not the
intended recipient, you are hereby notified that any disclosure,
copying, distribution or reliance upon the contents of this e-mail
message is strictly prohibited. If you have received this e-mail
transmission in error, please reply to the sender, so that proper
delivery can be arranged, and please delete the message from your
computer.  Thank you.
Tektronix Texas, LLC formerly Inet Technologies, Inc.
------------------------------------------------------------------------


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux