Diffstat (limited to 'zarb-ml/mageia-dev/20110524/004939.html')
-rw-r--r-- zarb-ml/mageia-dev/20110524/004939.html | 141
1 files changed, 141 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/20110524/004939.html b/zarb-ml/mageia-dev/20110524/004939.html
new file mode 100644
index 000000000..b46964d5d
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110524/004939.html
@@ -0,0 +1,141 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20slight%20security%20improvement%3A%20should%20we%20update%0A%20aria2%20to%201.11.2%3F&In-Reply-To=%3Calpine.LMD.2.02.1105241358001.26733%40zem.cjw.nep%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="004937.html">
+ <LINK REL="Next" HREF="004931.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?</H1>
+ <B>Christiaan Welvaart</B>
+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20slight%20security%20improvement%3A%20should%20we%20update%0A%20aria2%20to%201.11.2%3F&In-Reply-To=%3Calpine.LMD.2.02.1105241358001.26733%40zem.cjw.nep%3E"
+ TITLE="[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?">cjw at daneel.dyndns.org
+ </A><BR>
+ <I>Tue May 24 14:47:47 CEST 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="004937.html">[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?
+</A></li>
+ <LI>Next message: <A HREF="004931.html">[Mageia-dev] Push request
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#4939">[ date ]</a>
+ <a href="thread.html#4939">[ thread ]</a>
+ <a href="subject.html#4939">[ subject ]</a>
+ <a href="author.html#4939">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Tue, 24 May 2011, Michael Scherer wrote:
+
+&gt;<i> Le mardi 24 mai 2011 &#224; 12:45 +0200, nicolas vigier a &#233;crit :
+</I>&gt;&gt;<i> On Tue, 24 May 2011, Christiaan Welvaart wrote:
+</I>&gt;&gt;<i>
+</I>&gt;&gt;&gt;<i> On Tue, 24 May 2011, Michael Scherer wrote:
+</I>
+&gt;&gt;&gt;&gt;<i> There is 2 proposal :
+</I>&gt;&gt;&gt;&gt;<i> - filling them on security, and have a saved search
+</I>&gt;&gt;&gt;&gt;<i> - creating a tracker bug
+</I>&gt;&gt;&gt;&gt;<i>
+</I>&gt;&gt;&gt;&gt;<i> I would be in favor of the tracker bug :
+</I>&gt;&gt;&gt;&gt;<i> - you can subscribe to it
+</I>&gt;&gt;&gt;&gt;<i> - it will be clearer ( as bugfixes are not security so we may miss some
+</I>&gt;&gt;&gt;&gt;<i> update to do )
+</I>&gt;&gt;&gt;&gt;<i> - it doesn't pollute the list of saved search
+</I>&gt;&gt;&gt;&gt;<i>
+</I>&gt;&gt;&gt;&gt;<i> But as pascal said, a tracker bug requires that each bug to be linked to
+</I>&gt;&gt;&gt;&gt;<i> it, which is manual and error prone.
+</I>&gt;&gt;&gt;<i>
+</I>&gt;&gt;&gt;<i> I don't know much about bugzilla, but:
+</I>&gt;&gt;&gt;<i> - Add a keyword 'security' to all security bugs.
+</I>&gt;&gt;&gt;<i> (also manual and error prone?)
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i> We already have a security component. Would a keyword instead of a
+</I>&gt;&gt;<i> component be better for this ?
+</I>
+&gt;<i> What when we have more than 1 release ?
+</I>&gt;<i>
+</I>&gt;<i> I really think the security component is wrongly named. The bug is
+</I>&gt;<i> against a rpm package, be it a security or non security fix, and
+</I>&gt;<i> treating security fix differently than non security fixes add IMHO
+</I>&gt;<i> unneeded complexity to the process.
+</I>
+I agree with Michael: security is not a component: a security issue in a
+package is still a bug in that package. (And I still consider each source
+rpm a component like originally configured in the mandrake bugzilla).
+
+&gt;&gt;<i> It is also manual, but a keywork is easier to remember than a tracker
+</I>&gt;&gt;<i> bug number.
+</I>&gt;<i>
+</I>&gt;<i> That's a good point, I guess we can either place the link on bugzilla
+</I>&gt;<i> main page, or use named bugs, or something like that ?
+</I>
+There is a 'version' in bugzilla, with only 'Cauldron' in it currently,
+maybe that should be used. Setting this (or a target milestone) for a bug
+is easy, just choose 'Mageia 1' from the list. So if you want to see all
+updates in the list, make a search for bugs with version (or target
+milestone) Mageia 1. A link on the main page would be fine with me. It's a
+trivial search, however (:
+
+&gt;&gt;<i> Maybe we can also think about a mailing list to receive all security
+</I>&gt;&gt;<i> bugs.
+</I>&gt;<i>
+</I>&gt;<i> It doesn't take non security related fix in account.
+</I>&gt;<i>
+</I>&gt;<i> Given the fact that there is no difference between the way we treat them
+</I>&gt;<i> ( ie, it is updates ), and given the fact than even later the difference
+</I>&gt;<i> will be between embargoed updates and the rest, I guess that a generic
+</I>&gt;<i> list for issue affecting a stable release would be better suited.
+</I>&gt;<i>
+</I>&gt;<i> But I am not sure it will help much, we need to think to the problem we
+</I>&gt;<i> try to solve, and the way I see it, it is twofold :
+</I>&gt;<i>
+</I>&gt;<i> - we need to have a list of thing to update ( security or not, doesn't
+</I>&gt;<i> matter now )
+</I>&gt;<i> - we need a way to be aware of changes to the aformentioned list
+</I>
+Maybe there can be a trigger in bugzilla on all bugs that are newly
+targeted or retargeted at a stable release?
+
+&gt;<i> The solutions must :
+</I>&gt;<i> - be extensible with possibility of having a embargo in the future
+</I>
+AFAIK bugzilla supports access restrictions on individual bugs.
+
+&gt;<i> - be as automated as possible
+</I>&gt;<i> - be open to people that want to help
+</I>&gt;<i> - take in account that we will have more than 1 release, maybe more than
+</I>&gt;<i> 1 project
+</I>
+Products and releases are already supported in the current bugzilla
+configuration.
+
+
+ Christiaan
+</PRE>
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="004937.html">[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?
+</A></li>
+ <LI>Next message: <A HREF="004931.html">[Mageia-dev] Push request
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#4939">[ date ]</a>
+ <a href="thread.html#4939">[ thread ]</a>
+ <a href="subject.html#4939">[ subject ]</a>
+ <a href="author.html#4939">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
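Review bot: The header block at the top of the added file publishes the sender's address as `cjw at daneel.dyndns.org`, and `<META NAME="robots" CONTENT="index,nofollow">` leaves the page indexable. The ` at ` substitution is only light obfuscation, so please confirm that committing the archive in this form matches the list's public-archiving policy, or mask the address further before import. Separately, the markup is generated Mailman archive output (the `<!--beginarticle-->` and `<!--endarticle-->` markers, `<LI>` closed by `</li>`, `<i>` closed by `</I>` on the following line, `<UL>` nested inside `<P>`). If it is being kept verbatim for fidelity, state that in the commit message so the inconsistent tags are not hand-edited later.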