[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?
Christiaan Welvaart
cjw at daneel.dyndns.org
Tue May 24 12:30:27 CEST 2011
On Tue, 24 May 2011, Michael Scherer wrote:
> I would keep this as a update after the release is out ( like they 4
> ruby cve, libzip one ( CVE-2011-0421 )) and others that came out since
> yesterday.
>
> So maybe we could open bugs for this ?
> There is 2 proposal :
> - filling them on security, and have a saved search
What do you mean by that, a security product?
> - creating a tracker bug
>
> I would be in favor of the tracker bug :
> - you can subscribe to it
> - it will be clearer ( as bugfixes are not security so we may miss some
> update to do )
> - it doesn't pollute the list of saved search
>
> But as pascal said, a tracker bug requires that each bug to be linked to
> it, which is manual and error prone.
I don't know much about bugzilla, but:
- Add a keyword 'security' to all security bugs.
(also manual and error prone?)
- Set target to 'Mageia 1' for all bugs about stable updates.
Bugs about backports are not allowed to be targeted at a stable
release, we can add additonal backports targets if needed.
Having a saved search that can easily be found doesn't sound like a bad
idea. A tracker bug won't be closed even if all dependencies are resolved,
is that a good way to use tracker bugs?
Christiaan
More information about the Mageia-dev
mailing list