Mailinglist Archive: zypp-devel (58 mails)
| < Previous | Next > |
Re: [zypp-devel] "must see" advisories for security updates, distro upgrades, OBS
- From: Stanislav Brabec <sbrabec@xxxxxxx>
- Date: Fri, 05 Jun 2009 12:11:33 +0200
- Message-id: <1244196693.4389.6.camel@xxxxxxxxxxxxxx>
On Tue, 2009-05-19 at 13:09 +0200, Michael Andres wrote:
Yes. (Well, there is a technical problem - Pre-commit version cannot be
easily detected inside rpm %post scriptlets.)
Advisories have to be kept for the whole upgrade protection period.
Probably yes.
Advisories are available on the web and in the text file in docdir.
Yes, it may be possible.
Yes. Some of update-messages have a similar nature.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec@xxxxxxx
Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9 fax: +420 284 028 951
Czech Republic http://www.suse.cz/
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
It can even happen that one is updating from vulnerable SLES10 to fixed
SLES11. Even then displaying of "must see" advisory is important.
So you want the advisory metadata to be a list of
condition
(translated?) text
condition
(translated?) text
...
Where the conditions are evaluated based on the pre-commit state of the
system. If the condition is met, the text snippet is included in the final
advisory. Condition might be more than just a version or version range, e.g.
if some vulnerability was fixed by replacing/renaming a package?
Yes. (Well, there is a technical problem - Pre-commit version cannot be
easily detected inside rpm %post scriptlets.)
Things may become tricky, if you update a package while a still unconfirmed
advisory for the old version is present, esp. if the new version also ships
an advisory.
Advisories have to be kept for the whole upgrade protection period.
I guess deleting the package should delete the advisory.
Probably yes.
Advisory metadata should be available, even if the package was installed by
non-SUSE tools?
Advisories are available on the web and in the text file in docdir.
We could think about including advisory metadata in the rpm-package. E.g as
file in /var/adm/update-advisories/<package>-<version>. Similar
to ../update-messages. So they get installed and vanish together with the
package.
Yes, it may be possible.
Maybe we can even unify update-advisories and update-messages. There's not
much difference.
Yes. Some of update-messages have a similar nature.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec@xxxxxxx
Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9 fax: +420 284 028 951
Czech Republic http://www.suse.cz/
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
| < Previous | Next > |