[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?

Tue May 24 12:30:27 CEST 2011

On Tue, 24 May 2011, Michael Scherer wrote:
+
+> I would keep this as a update after the release is out ( like they 4
+> ruby cve, libzip one ( CVE-2011-0421 )) and others that came out since
+> yesterday.
+>
+> So maybe we could open bugs for this ?
+
+> There is 2 proposal :
+> - filling them on security, and have a saved search
+
+What do you mean by that, a security product?
+
+> - creating a tracker bug
+>
+> I would be in favor of the tracker bug :
+> - you can subscribe to it
+> - it will be clearer ( as bugfixes are not security so we may miss some
+> update to do )
+> - it doesn't pollute the list of saved search
+>
+> But as pascal said, a tracker bug requires that each bug to be linked to
+> it, which is manual and error prone.
+
+I don't know much about bugzilla, but:
+   - Add a keyword 'security' to all security bugs.
+     (also manual and error prone?)
+   - Set target to 'Mageia 1' for all bugs about stable updates.
+     Bugs about backports are not allowed to be targeted at a stable
+     release, we can add additonal backports targets if needed.
+
+Having a saved search that can easily be found doesn't sound like a bad
+idea. A tracker bug won't be closed even if all dependencies are resolved,
+is that a good way to use tracker bugs?
+
+
+     Christiaan
+