8.0 packages to QA
Howard Owen
hbo at egbok.com
Tue Jun 8 01:02:04 UTC 2004
I'd also suggest that the bugzilla entry be named in such a way as to
clearly point to the problem. Often the bugtraq message subject is good
for this. See for example https://bugzilla.fedora.us/show_bug.cgi?id=1719.
In Red Hat's bugzilla, the component and product fields are often useful
for narrowing down a search. Unfortunately, fedora.us doesn't make
extensive use of these fields. The 'Fedora Legacy' "product" and the
'LEGACY' keyword are pretty useful, though.
Other than that, bugtraq is a good place to look for patches, too. If you
aren't in a tremendous hurry, waiting for patches from other distros,
particularly the Red Hat ones, can be effective. If you *are* in a hurry,
or if the package isn't getting the attention from the vendors it
deserves, then the upstream package provider is the place to go.
Security Focus also maintains a useful vulnerability list at
http://www.securityfocus.com/bid. This has the nice property of listing
which versions in which distributions are vulnerable, even for those not
supported by the vendor.
On Mon, 7 Jun 2004,
Kelson Vibber wrote:
> At 12:20 PM 6/6/2004, Ow Mun Heng wrote:
> >Where to "Find" the patch would be the question. Someone on this list
> >actually pointed a few URLs. however, I would like to get some sort of
> >consensus here, Is BugZilla "the" way to go to look for patches? Eg: If
> >I see something on Bugtraq which affects one of my RH8.0 packages, Can I
> >just look into bugzilla and "try" to locate the patch for it?? If it's
> >not available there, are there any other locations whereby it can be
> >found?
>
> Well, if no one's posted a patch to bugzilla yet, there's always the
> program's home page. Some projects (sendmail, for instance) will post
> patches in addition to releasing updated versions of the program.
>
> I think Jon was suggesting that if another vendor issues a patched package,
> if you can get the sources - say from an RHEL-provided SRPM - you should be
> able to extract the patch from that package.
>
> In the case of using someone else's SRPM, the easiest way to deal with it is:
>
> rpm -ivh patched-for-other-distro.src.rpm
> (rename the spec file so it won't get overwritten)
> rpm -ivh latest-for-your-distro.src.rpm
>
> At this point you'll have all the appropriate sources for the package on
> RH8, plus the patch that was provided by the other vendor (say RHEL). You
> can then copy the appropriate lines from the other spec file and build an
> RPM incorporating the patch.
>
> P.S. *Please* don't use quotation marks for emphasis. Those of us who went
> through writing programs in college cringe every time we see them misused
> that way. Quotation marks indicate precision (as in an exact quotation),
> titles, or, in informal writing, doubt or irony (as in so-called "scare
> quotes") - never emphasis.
>
>
> Kelson Vibber
> SpeedGate Communications <www.speed.net>
>
>
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>
>
--
Howard Owen "Even if you are on the right
EGBOK Consultants track, you'll get run over if you
hbo at egbok.com +1-650-218-2216 just sit there." - Will Rogers
More information about the fedora-legacy-list
mailing list