Software Management call for RFEs

Richard W.M. Jones rjones at
Mon Jun 3 08:46:28 UTC 2013

On Sun, Jun 02, 2013 at 02:43:15PM +0200, enclair wrote:
> I'd like a tool similar to portaudit in FreeBSD or debscan in Debian. This
> tool should list all packages which have a security issue. Currently there
> is yum-security-plugin but it lists packages only if an update is
> available. The new tool would list vulnerable packages even if no update is
> available yet, so that the user can take precaution.

You probably want SCAP (specifically OpenSCAP).  It's the proper
solution for all of this.

However the real issue is going to be that the OpenSCAP vulnerability
databases for Fedora are not maintained.


Richard Jones, Virtualization Group, Red Hat
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.

More information about the devel mailing list