epel security
Kevin Fenzi
kevin at tummy.com
Thu Aug 30 16:21:47 UTC 2007
On Thu, 30 Aug 2007 11:55:56 +0200
Lubomir Kundrak <lkundrak at redhat.com> wrote:
> Hi Kevin,
>
> On Wed, 2007-08-29 at 13:44 -0600, Kevin Fenzi wrote:
> > Would it be possible and/or advisable for us to add some audit files
> > for epel?
> >
> > EPEL has quite a few less packages than Fedora does, but we still
> > need a way to track security issues, etc. If they are all in the
> > same place then we can update them at the same time that Fedora
> > releases audit files are updated.
> >
> > Thoughts? Concerns?
> > Shall I just make them?
>
> I still have no idea about how is EPEL securit ygoing to be handled.
> If it is going to be the same way as Fedora, please do add the audit
> files, and also generate manifests for epel.
Well, It needs to be handled some way. I think adding it into the same
framework as we use for Fedora is the best way to go now.
I will go ahead and look at making audit and manifest files for epel
this weekend perhaps and try an inital pass at checking packages
against the audit. Unless someone comes up with a better idea before
then. ;)
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/security/attachments/20070830/f0021229/attachment.bin
More information about the security
mailing list