Security update process without CVEs

Dennis Gilmore dennis at ausil.us
Fri Jan 24 04:53:55 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

El Thu, 23 Jan 2014 14:51:51 -0800
Adam Williamson <awilliam at redhat.com> escribió:
> On Tue, 2014-01-21 at 14:32 -0700, Kevin Fenzi wrote:
> > On Tue, 21 Jan 2014 16:26:19 -0500
> > Dan Scott <denials at gmail.com> wrote:
> > 
> > > Hi:
> > > 
> > > A few hours ago I submitted requests to push perl-MARC-XML
> > > directly to stable (by filling out the "fedpkg update" request
> > > with type=security and request=stable)
> > 
> > You cannot push any update directly to stable. 
> > 
> > Security updates have to go though the same process as any other
> > update. 
> 
> This seems like a good point to ask, actually: what the hell does that
> field actually *mean*? I just toss a coin to fill it in, usually.

What it means is that its marked as a security bug in the
updateinfo.xml.gz metadata so that if you have the security only plugin
enabled it will be available, I believe the gui tools also mark it
differently, but I've not ever used them.

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJS4fHpAAoJEH7ltONmPFDRIYcP/3ObfhK+xU685ekaiaBo/p/C
dQ6oXQVQ8jPp7EhkwSlXbVLjI1JiiyNVgoU8AzQlcdX3Gc5Sv59uYDz9aneqqG1U
XJEWKbWplew+IOwyVCwlrjfYLVnHGqka7Whlb00EU5gp8kVATuk7vUnpR4Z4xGDk
/PKHnjvlOCiOvURVoGrWpytLXdkbkV13KdsCckHyRzu20eN3oF1QcQrpur0ayUn9
myu/wyNcvmPFYptwqXpD/tx2yHVxYrgZD1AxG4v+znilcDREqEwgPbZJ8l5vngur
UNEORu5IU2xNznHAsS6CiDIrE8HKpMR1wJgKiJKzVoTw3hO7EPkViG9qzhcMRAa2
9Qq+w0dBlpPU1s3eXA+RzAcyh9M+LUDCHoUuB9+Vc3c6OiEVQHmOAKw1bEMq7eWA
hKrmrPGjIX7shTr06H2z7yiAlPHLSHGW4WdQO8zqNQwsTSURqFN8cEgZ7XfOKNjN
AgQFYN0jfo6UGIzXe8se1jkbkrP08vl3aZzKRUYIXGMxpb+f4vvh7zjfPnuSUIQB
lmqWwDhbnYOWBsHJFi4PaghE5wzLDSCb88lFCmBUHg8pku3XqfIzcVwZ7NTXsuwl
8DkS90egY4C6xGYm8s1YxDPNMoYUYNkNw0P3OPOehrLvKhYaTLG0/r0XQMaUfkj1
7GStF8CHjTnN+M58c+NJ
=MgKi
-----END PGP SIGNATURE-----


More information about the devel mailing list