[scl.org] Python "latest" SCLo
Brian Gollaher
bgollahe at redhat.com
Thu Jun 29 16:51:30 UTC 2017
Yes, thanks Dan. Many security scanning tools look for the latest
version and flag older versions as being a potential risk. I wanted to
be sure that this is what is happening, rather than collections not
receiving security updates fast enough and actually missing an important
CVE.
On 06/29/2017 11:54 AM, Davis, Daniel (NIH/NLM) [C] wrote:
>
> The DevOps team wants to update to the latest Python as a rule as a
> security from security mitigation technique. I hope that makes sense.
>
> *From:*Brian Gollaher [mailto:bgollahe at redhat.com]
> *Sent:* Thursday, June 29, 2017 11:50 AM
> *To:* Davis, Daniel (NIH/NLM) [C] <daniel.davis at nih.gov>;
> sclorg at redhat.com
> *Subject:* Re: [scl.org] Python "latest" SCLo
>
> Hi Dan. May I ask a question? Is your security team looking for a
> fix to a specific security problem or CVE or are they asking that you
> run the latest version as a rule?
>
> thanks,
> Brian
>
> On 06/29/2017 11:24 AM, Davis, Daniel (NIH/NLM) [C] wrote:
>
> I’ve been lurking on this list for a while, and I wanted to bring
> myself up to date. I noticed some talk of a community SCL for a
> “latest” Python, which would be a non-patched pure build of Python
> that is kept up-to-date by the community. Where is that at?
> Who is leading it? How can I help?
>
> For background, we’ve used rh-python34 for some time, but our
> security team recently dinged us for sticking with Python 3.4.2,
> and my DevOps team (who have less time due to tickets), just
> recompiled Python 3.4.6 blind to get past the security problem.
> I would have argued we should move to rh-python35, but that would
> eventually suffer the same problem. What we need is a
> distribution that keeps up to date, but is still distributed as an
> rpm.
>
> Thanks,
>
> Dan Davis, Systems/Applications Architect (Contractor),
>
> Office of Computer and Communications Systems,
>
> National Library of Medicine, NIH
>
>
>
>
> _______________________________________________
>
> SCLorg mailing list
>
> SCLorg at redhat.com <mailto:SCLorg at redhat.com>
>
> https://www.redhat.com/mailman/listinfo/sclorg
>
>
>
> --
> Brian Gollaher
> Red Hat Platform Product Management
> Phone: 978 392-3173
> Cell: 508 740-6549
> briang at redhat.com <mailto:briang at redhat.com>
--
Brian Gollaher
Red Hat Platform Product Management
Phone: 978 392-3173
Cell: 508 740-6549
briang at redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/sclorg/attachments/20170629/7e57166e/attachment.htm>
More information about the SCLorg
mailing list