Mantis and "difficult" upgrades

Jason L Tibbitts III tibbs at math.uh.edu
Mon May 22 15:36:25 UTC 2006


>>>>> "DG" == Dennis Gilmore <dennis at ausil.us> writes:

DG> Bad if it could break things badly.  Better to make sure that the
DG> admin is aware of what is needed.  Could be ok with sufficient
DG> testing.

I looked at the Mantis source and it seems to be coded to handle this
well.  The login page (it's a bug tracker written in PHP) checks the
database schema version and, if outdated, sends you to an upgrade
page.

If the CVEs are serious enough, just pushing the update may be the
best course of action.  Otherwise we can see if it's reasonable to
run the update snippet in %post.

>> 3) Leave things as they are (insecure).
DG> Not good and another reason to EOL FE3

FE4 has precisely the same issue in this case, so it seems this is not
an option.

>> 4) Work in earnest to try to backport patches or come up with our
>> own fixes.
DG> May be best bet.

It depends on the nature of the problem.  It could require someone
knowledgeable in both the operation of Mantis and PHP programming.
Leaves me out.

 - J<




More information about the Fedora-security-list mailing list