[scl.org] Python "latest" SCLo

Brian Gollaher bgollahe at redhat.com
Thu Jun 29 16:51:30 UTC 2017


Yes, thanks Dan.  Many security scanning tools look for the latest 
version and flag older versions as being a potential risk.  I wanted to 
be sure that this is what is happening, rather than collections not 
receiving security updates fast enough and actually missing an important 
CVE.

On 06/29/2017 11:54 AM, Davis, Daniel (NIH/NLM) [C] wrote:
>
> The DevOps team wants to update to the latest Python as a rule, as a 
> security mitigation technique.  I hope that makes sense.
>
> *From:* Brian Gollaher [mailto:bgollahe at redhat.com]
> *Sent:* Thursday, June 29, 2017 11:50 AM
> *To:* Davis, Daniel (NIH/NLM) [C] <daniel.davis at nih.gov>; 
> sclorg at redhat.com
> *Subject:* Re: [scl.org] Python "latest" SCLo
>
> Hi Dan.  May I ask a question?  Is your security team looking for a 
> fix to a specific security problem or CVE or are they asking that you 
> run the latest version as a rule?
>
> thanks,
> Brian
>
> On 06/29/2017 11:24 AM, Davis, Daniel (NIH/NLM) [C] wrote:
>
>     I’ve been lurking on this list for a while, and I wanted to bring
>     myself up to date.   I noticed some talk of a community SCL for a
>     “latest” Python, which would be a non-patched pure build of Python
>     that is kept up-to-date by the community.   Where is that at?  
>     Who is leading it?   How can I help?
>
>     For background, we’ve used rh-python34 for some time, but our
>     security team recently dinged us for sticking with Python 3.4.2,
>     and my DevOps team (who have less time due to tickets), just
>     recompiled Python 3.4.6 blind to get past the security problem.  
>     I would have argued we should move to rh-python35, but that would
>     eventually suffer the same problem.   What we need is a
>     distribution that keeps up to date, but is still distributed as an
>     rpm.
>
>     Thanks,
>
>     Dan Davis, Systems/Applications Architect (Contractor),
>
>     Office of Computer and Communications Systems,
>
>     National Library of Medicine, NIH
>
>
> -- 
> Brian Gollaher
> Red Hat Platform Product Management
> Phone: 978 392-3173
> Cell: 508 740-6549
> briang at redhat.com <mailto:briang at redhat.com>

-- 
Brian Gollaher
Red Hat Platform Product Management
Phone: 978 392-3173
Cell: 508 740-6549
briang at redhat.com
