[scl.org] Python "latest" SCLo
bgollahe at redhat.com
Thu Jun 29 16:51:30 UTC 2017
Yes, thanks Dan. Many security scanning tools look for the latest
version and flag older versions as being a potential risk. I wanted to
be sure that this is what is happening, rather than collections not
receiving security updates fast enough and actually missing an important
On 06/29/2017 11:54 AM, Davis, Daniel (NIH/NLM) [C] wrote:
> The DevOps team wants to update to the latest Python as a rule, as a
> security mitigation technique. I hope that makes sense.
> *From:* Brian Gollaher [mailto:bgollahe at redhat.com]
> *Sent:* Thursday, June 29, 2017 11:50 AM
> *To:* Davis, Daniel (NIH/NLM) [C] <daniel.davis at nih.gov>;
> sclorg at redhat.com
> *Subject:* Re: [scl.org] Python "latest" SCLo
> Hi Dan. May I ask a question? Is your security team looking for a
> fix to a specific security problem or CVE or are they asking that you
> run the latest version as a rule?
> On 06/29/2017 11:24 AM, Davis, Daniel (NIH/NLM) [C] wrote:
> I’ve been lurking on this list for a while, and I wanted to bring
> myself up to date. I noticed some talk of a community SCL for a
> “latest” Python, which would be a non-patched pure build of Python
> that is kept up-to-date by the community. Where is that at?
> Who is leading it? How can I help?
> For background, we’ve used rh-python34 for some time, but our
> security team recently dinged us for sticking with Python 3.4.2,
> and my DevOps team (who have less time due to tickets), just
> recompiled Python 3.4.6 blind to get past the security problem.
> I would have argued we should move to rh-python35, but that would
> eventually suffer the same problem. What we need is a
> distribution that keeps up to date, but is still distributed as an
> Dan Davis, Systems/Applications Architect (Contractor),
> Office of Computer and Communications Systems,
> National Library of Medicine, NIH
> Brian Gollaher
> Red Hat Platform Product Management
> Phone: 978 392-3173
> Cell: 508 740-6549
> briang at redhat.com <mailto:briang at redhat.com>
Red Hat Platform Product Management
Phone: 978 392-3173
Cell: 508 740-6549
briang at redhat.com