[Frugalware-devel] security support
VMiklos
vmiklos at frugalware.org
Sun Aug 20 20:08:24 CEST 2006
On Sat, Aug 19, 2006 at 05:00:45PM +0200, VOROSKOI Andras <voroskoi at frugalware.org> wrote:
> > 1) wait till the packages are on the server
> > 2) in a dedicated repo (or it can be homepage-ng if we would like) the
> > FSAs would be stored in a similar form as the current news (just with
> > the structure you've proposed) and after the push the mail would be
> > generated (sha1sums, gpg signing)
>
> Sounds good.
Alex, then could you please design an xml for this under
homepage-ng/frugalware/xml?
>
> > hmm, technically that would mean database structure changes, do we
> > really need it? we could just append a "-stable affected, too". (ok, not
> > the best solution, but as long as we don't have a dedicated bts engine
> > maintainer it's a problem)
>
> Well, ok. But then you can not search for not fixed SEC bugs in -stable. Well, does not really matter.
what about adding a new "Fixed in -current" status? and all the bugs
that are already fixed in -current but not yet in -stable would have
that status
a new question: what should be the whole procedure? i mean something
like this:
1) you/the sec team open(s) a [SEC] bug
2) the maintainer fixes the issue in -current and decides if the issue
needs fixing in -stable or not. if yes, then changes its status to
"Fixed in -current" otherwise closes the task
3) the sec team regularly searches for "Fixed in -current" bugs, fixes
the issue in -stable and releases an FSA
is this approach ok?
udv / greetings,
VMiklos
--
Developer of Frugalware Linux, to make things frugal - http://frugalware.org