Public Announcment for Fedora Extras
Josh Bressers
bressers at redhat.com
Tue Jun 13 00:43:23 UTC 2006
>
> > We put a file in our cvs repository that looks a bit like this
> >
> > 2006-001
> > 2006-002
> > 2006-003
> > <see if you can figure out what's next>
> >
> > We then take one
> >
> > 2006-001 some package
> >
> > and commit the file. It's important we remember to commit the file lest
> > someone else steal it. It prevents concurrency issues as only one person
> > can commit at a time.
> >
> > Ideally I think it would be best to have a directory layout as such
> >
> > advisories/
> > ids
> > text/
> > 2006-001
> >
> > We could then write a script that we run with a package name. It then
> > modifies the ids file, adds a new skeleton file in text/ then runs
> > cvs commit -m 'Create errata 2006-001'
> >
> > Once we're happy with the errata text (multiple people can read/modify it),
> > we run another command that magically mails it to the list in question, and
> > makes a note in the ids file that it's been "pushed" along with the date.
> > This would allow us to work on advisories before the packages are ready.
> >
> > We could also then generate a sort of advisory index page for the project
> > so when we find some web space somewhere, publishing our advisories is
> > trivial.
> >
> > If we ensure we note the bugs fixed in our errata it will also be possible
> > to close the bugs automagically via our script.
>
> The current update system already automatically generates and sends
> advisory text, as well as automatic bug commenting/closing.
>
> > Thoughts?
>
> Seeing as how getting the update system out from under it's rock is
> getting to be a pretty large priority, I'd hate to have us duplicate
> this functionality for Extras/Legacy/Core.
I had a short chat with Luke about this yesterday. An update system is
still a few months out. Unless someone complains, I'm going to create a
simple script based system similar to what I describe above. I think we've
drug our feet long enough.
If anyone has any thoughts or complaints, let me know.
--
JB
More information about the Fedora-security-list
mailing list