Public Announcement for Fedora Extras

Josh Bressers bressers at redhat.com
Tue Jun 13 00:43:23 UTC 2006


> 
> > We put a file in our cvs repository that looks a bit like this
> > 
> > 2006-001
> > 2006-002
> > 2006-003
> > <see if you can figure out what's next>
> > 
> > We then take one
> > 
> > 2006-001 some package
> > 
> > and commit the file.  It's important we remember to commit the file lest
> > someone else steal it.  It prevents concurrency issues as only one person
> > can commit at a time.
> > 
> > Ideally I think it would be best to have a directory layout as such
> > 
> > advisories/
> >     ids
> >     text/
> >         2006-001
> > 
> > We could then write a script that we run with a package name.  It then
> > modifies the ids file, adds a new skeleton file in text/ then runs
> > cvs commit -m 'Create errata 2006-001'
> > 
> > Once we're happy with the errata text (multiple people can read/modify it),
> > we run another command that magically mails it to the list in question, and
> > makes a note in the ids file that it's been "pushed" along with the date.
> > This would allow us to work on advisories before the packages are ready.
> > 
> > We could also then generate a sort of advisory index page for the project
> > so when we find some web space somewhere, publishing our advisories is
> > trivial.
> > 
> > If we ensure we note the bugs fixed in our errata it will also be possible
> > to close the bugs automagically via our script.
> 
> The current update system already automatically generates and sends
> advisory text, as well as automatic bug commenting/closing.
> 
> > Thoughts?
> 
> Seeing as how getting the update system out from under its rock is
> getting to be a pretty large priority, I'd hate to have us duplicate
> this functionality for Extras/Legacy/Core.

I had a short chat with Luke about this yesterday.  An update system is
still a few months out.  Unless someone complains, I'm going to create a
simple script-based system similar to what I describe above.  I think we've
dragged our feet long enough.

If anyone has any thoughts or complaints, let me know.

-- 
    JB
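
The ID-allocation and "pushed" steps proposed in the quoted text, sketched as an added example; it is not part of the original message and not the script the list went on to use. It assumes the advisories/ layout above, and the function names, skeleton fields, "pushed DATE" marker and allowed package-name characters are hypothetical.

```shell
#!/bin/sh
# Added example, not the list's actual tooling. Assumed: function names,
# skeleton fields, the "pushed DATE" marker, and package-name characters.

# claim_id DIR PACKAGE: reserve the first unclaimed ID in DIR/ids for PACKAGE,
# create the skeleton DIR/text/ID, and print the ID.
claim_id() {
    dir=$1 pkg=$2
    case $pkg in
        ''|*[!A-Za-z0-9._+-]*) echo "bad package name: $pkg" >&2; return 1 ;;
    esac
    # An unclaimed line holds only the ID, e.g. "2006-002".
    id=$(awk 'NF == 1 { print $1; exit }' "$dir/ids")
    [ -n "$id" ] || { echo "no free IDs in $dir/ids" >&2; return 1; }
    # Never overwrite advisory text that someone has already started.
    [ ! -e "$dir/text/$id" ] || { echo "text/$id already exists" >&2; return 1; }
    tmp=$(mktemp "$dir/ids.XXXXXX") || return 1
    awk -v id="$id" -v pkg="$pkg" \
        '$1 == id && NF == 1 { print id, pkg; next } { print }' "$dir/ids" > "$tmp" &&
        mv "$tmp" "$dir/ids" || { rm -f "$tmp"; return 1; }
    mkdir -p "$dir/text"
    printf 'Advisory: %s\nPackage: %s\nBugs fixed:\nDescription:\n' \
        "$id" "$pkg" > "$dir/text/$id"
    # The ID is only reserved for everyone else once this is committed:
    #   cvs commit -m "Create errata $id"
    echo "$id"
}

# mark_pushed DIR ID [DATE]: record in DIR/ids that the advisory was mailed.
mark_pushed() {
    dir=$1 id=$2 when=${3:-$(date -u +%Y-%m-%d)}
    # Only a claimed, not yet pushed line ("ID package") may be marked.
    awk -v id="$id" '$1 == id && NF == 2 { ok = 1 } END { exit !ok }' "$dir/ids" ||
        { echo "$id is unclaimed or already pushed" >&2; return 1; }
    tmp=$(mktemp "$dir/ids.XXXXXX") || return 1
    awk -v id="$id" -v d="$when" \
        '$1 == id { print $0, "pushed", d; next } { print }' "$dir/ids" > "$tmp" &&
        mv "$tmp" "$dir/ids" || { rm -f "$tmp"; return 1; }
}
```

If the commit is rejected because someone else claimed the same ID first, update the working copy and run claim_id again so the next free line is taken.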



