Re: radical suggestion for fc4 release

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2005-02-01 at 16:02 +0100, Arjan van de Ven wrote:
> On Tue, 2005-02-01 at 09:50 -0500, Jeff Spaleta wrote:
> > On Tue, 1 Feb 2005 09:28:45 +0000 (GMT), Mark J Cox <mjc@xxxxxxxxxx> wrote:
> > > What would be incredibly useful is to move (to being a Provides) the CVE
> > > names for issues that we're including a backported fix for.  Where we've
> > > moved to an upstream version that contains fixes those CVE names are less
> > > important as they can be deduced by a simple NV check.
> > 
> > I look forward to building pathological packages that have a requires
> > on a CVE name provides.
> 
> fedora-secure-system 
> 
> could require all the CVE's that are ciritical to be fixed 
> yum update fedora-secure-system 
> would then only pull security updates down....

This scheme just doesn't cut it because:

- you might need more than one package to fix a certain CVE
- you might think you have fixed a certain CVE with one package
revision, but you didn't, you'll have to issue an update but now the old
package still claims to fix this particular CVE

To get it right, we have to keep this separate from the individual
packages IMO. We could think of a fedora-secure-system package that
grabs CVEs and which packages are believed to fix them at build time,
then just conflicts with every
"%name < %{?epoch:%{epoch}:}%{version}%{release}" of the involved
packages.

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp@xxxxxxxxxx
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."     -- B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux