On Fri, 2009-04-03 at 03:50 -0700, Toshio Kuratomi wrote: > Lubomir Rintel wrote: > > Well, not much of an issue if it has a caring and responsive maintainer. > > The Security Response team tracks also embedded and old copies and > > notifies their maintainers. > > Curious: How do you track embedded versions? Hm, looking at the fedora security CVS seems like my memories are fading since I left SRT. I was sure there was a file that lists known embedded versions of software packages within others, but I can't find it. Probably it was internal to Red Hat CVS. We've also been having an OpenGrok instance, which is no longer maintained at the time. That was pretty handy to find copied code anywhere. So... it might be that I was wrong -- I can't really say now SRT reliably tracks embedded copies of code. Current SRT members may know better. -- "Excuse all the blood" -- Dead -- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
