8.0 packages to QA

Howard Owen hbo at egbok.com
Tue Jun 8 01:02:04 UTC 2004


I'd also suggest that the bugzilla entry be named in such a way as to 
clearly point to the problem. Often the bugtraq message subject is good 
for this. See for example https://bugzilla.fedora.us/show_bug.cgi?id=1719.

In Red Hat's bugzilla, the component and product fields are often useful 
for narrowing down a search. Unfortunately, fedora.us doesn't make 
extensive use of these fields. The 'Fedora Legacy' "product" and the 
'LEGACY' keyword are pretty useful, though.

Other than that, bugtraq is a good place to look for patches, too. If you 
aren't in a tremendous hurry, waiting for patches from other distros, 
particularly the Red Hat ones, can be effective. If you *are* in a hurry, 
or if the package isn't getting the attention from the vendors it 
deserves, then the upstream package provider is the place to go.

Security Focus also maintains a useful vulnerability list at 
http://www.securityfocus.com/bid. This has the nice property of listing 
which versions in which distributions are vulnerable, even for those not 
supported by the vendor.

On Mon, 7 Jun 2004, Kelson Vibber wrote:

> At 12:20 PM 6/6/2004, Ow Mun Heng wrote:
> >Where to "Find" the patch would be the question. Someone on this list
> >actually pointed a few URLs. however, I would like to get some sort of
> >consensus here, Is BugZilla "the" way to go to look for patches? Eg: If
> >I see something on Bugtraq which affects one of my RH8.0 packages, Can I
> >just look into bugzilla and "try" to locate the patch for it?? If it's
> >not available there, are there any other locations whereby it can be
> >found?
> 
> Well, if no one's posted a patch to bugzilla yet, there's always the 
> program's home page.  Some projects (sendmail, for instance) will post 
> patches in addition to releasing updated versions of the program.
> 
> I think Jon was suggesting that if another vendor issues a patched package, 
> if you can get the sources - say from an RHEL-provided SRPM - you should be 
> able to extract the patch from that package.
> 
> In the case of using someone else's SRPM, the easiest way to deal with it is:
> 
> rpm -ivh patched-for-other-distro.src.rpm
> (rename the spec file so it won't get overwritten)
> rpm -ivh latest-for-your-distro.src.rpm
> 
> At this point you'll have all the appropriate sources for the package on 
> RH8, plus the patch that was provided by the other vendor (say RHEL).  You 
> can then copy the appropriate lines from the other spec file and build an 
> RPM incorporating the patch.
> 
> P.S. *Please* don't use quotation marks for emphasis. Those of us who went 
> through writing programs in college cringe every time we see them misused 
> that way. Quotation marks indicate precision (as in an exact quotation), 
> titles, or, in informal writing, doubt or irony (as in so-called "scare 
> quotes") - never emphasis.
> 
> 
> Kelson Vibber
> SpeedGate Communications <www.speed.net> 
> 
> 
> 
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
> 
> 

-- 
Howard Owen                      "Even if you are on the right
EGBOK Consultants                 track, you'll get run over if you
hbo at egbok.com    +1-650-218-2216  just sit there." - Will Rogers
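
The last step quoted above, copying the appropriate lines from the other vendor's spec file, as an added example that is not part of the original messages: it lists the Patch tags and %patch directives present in the other spec but missing from yours. The package name foo, the patch file names and both spec files are constructed for illustration.

```sh
#!/bin/sh
# Added example: find the patch lines another vendor's spec file carries
# that your own spec file lacks. All sample data below is constructed.

# Print "PatchN: file" tags and "%patchN ..." directives, whitespace-normalised.
spec_patch_lines() {
    grep -E '^(Patch[0-9]*:|%patch[0-9]*([[:space:]]|$))' "$1" |
        sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/ $//'
}

# Lines present in spec $1 (other vendor) but absent from spec $2 (yours).
missing_patch_lines() {
    other=$(mktemp) && mine=$(mktemp) || return 1
    spec_patch_lines "$1" > "$other"
    spec_patch_lines "$2" > "$mine"
    # -F fixed strings, -x whole-line match, -v keep lines NOT found in $mine
    grep -Fxv -f "$mine" "$other"
    status=$?
    rm -f "$other" "$mine"
    return $status
}

# Write two constructed spec fragments into directory $1.
make_sample_specs() {
    cat > "$1/other.spec" <<'EOF'
Name: foo
Release: 3.el3
Source0: foo-1.2.tar.gz
Patch0: foo-1.2-makefile.patch
Patch1:   foo-1.2-overflow.patch
%prep
%setup -q
%patch0 -p1
%patch1 -p1 -b .overflow
EOF
    cat > "$1/mine.spec" <<'EOF'
Name: foo
Release: 2
Source0: foo-1.2.tar.gz
Patch0: foo-1.2-makefile.patch
%prep
%setup -q
%patch0 -p1
EOF
}

demo_dir=$(mktemp -d)
make_sample_specs "$demo_dir"
missing_patch_lines "$demo_dir/other.spec" "$demo_dir/mine.spec"
rm -rf "$demo_dir"
```

Patch numbers in the other spec can collide with numbers your spec already uses for different patches, so renumber the Patch tag and its %patch directive together when copying them over.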




