Re: Making Fedora secure - Package exit policy for security

On 07/31/2018 08:51 PM, Daniel P. Berrangé wrote:

> 
> Do we have any analysis showing what would be the fallout if we applied
> these purge rules today? I.e. what packages would be dropped today due
> to unaddressed CVEs.
> 
See reply to my previous email. Also, I have attached the list here. I
did some random analysis and came up with the following conclusion:

https://bugzilla.redhat.com/show_bug.cgi?id=1493497
This one is FTBFS on ppc.

https://bugzilla.redhat.com/show_bug.cgi?id=1488785
This one was actually fixed, but the bug did not close.

https://bugzilla.redhat.com/show_bug.cgi?id=1487715
This is ImageMagick, so one of many CVEs which are open against it.

https://bugzilla.redhat.com/show_bug.cgi?id=1484840
Not sure.


> Then, from that list of packages, do we have an idea of the reasons why
> their CVEs are not getting fixed in Fedora? This could perhaps identify
> changes to help with the problem(s), rather than jumping straight to
> the big stick of dropping packages.
> 
I definitely want to address the core problem here, but I don't want to
go through tens and even sometimes hundreds of bugs to figure out why
they have not been fixed. Shouldn't the package maintainer be doing it in
the first place?


> 
> Regards,
> Daniel
> 


-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team
	apt-cacher-ng
	asterisk
	async-http-client
	binutils
	bzr
	chromium
	connman
	docker-distribution
	docker-latest
	emacs
	freerdp1.2
	glpi
	hive
	ImageMagick
	itext
	jenkins-script-security-plugin
	ledger
	libmspack
	libsndfile
	lrzip
	mantis
	mercurial
	mesos
	mingw-binutils
	mingw-curl
	mingw-icu
	mingw-libgcrypt
	mingw-openjpeg2
	mingw-openssl
	mingw-SDL2_image
	mongoose
	newsbeuter
	nodejs-debug
	nodejs-fresh
	nodejs-hawk
	nodejs-method-override
	nodejs-mime
	nodejs-st
	opencv
	openjpeg
	openjpeg2
	opennlp
	passenger
	php
	php-Kohana
	python-scrapy
	resiprocate
	rtpproxy
	rubygem-ox
	rubygems
	sleuthkit
	springframework-amqp
	spring-ldap
	tcmu-runner
	tidy
	undertow
	xorg-x11-server
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/L62W4VXEJKI6RLUP6WPX5EPCT6Q7EE6H/
