Mailinglist Archive: zypp-devel (58 mails)
| < Previous | Next > |
Re: [zypp-devel] "must see" advisories for security updates, distro upgrades, OBS
- From: Jano Kupec <jkupec@xxxxxxx>
- Date: Fri, 12 Jun 2009 15:24:36 +0200
- Message-id: <4A325714.30102@xxxxxxx>
Stanislav Brabec wrote:
Hi guys, what about creating a feature request for this? It looks like
pretting good thing to me.
Another use-case would be notification about conflicting configuration
files during an upgrade (packager's version vs. user's version) (see
https://features.opensuse.org/306411).
--
cheers,
jano
Ján Kupec
YaST team
---------------------------------------------------------(PGP)---
Key ID: 637EE901
Fingerprint: 93B9 C79B 2D20 51C3 800B E09B 8048 46A6 637E E901
---------------------------------------------------------(IRC)---
Server: irc.freenode.net
Nick: jniq
Channels: #zypp #yast #suse #susecz
---------------------------------------------------------(EOF)---
On Tue, 2009-05-19 at 13:09 +0200, Michael Andres wrote:
It can even happen that one is updating from vulnerable SLES10 to fixedSo you want the advisory metadata to be a list of
SLES11. Even then displaying of "must see" advisory is important.
condition
(translated?) text
condition
(translated?) text
...
Where the conditions are evaluated based on the pre-commit state of the
system. If the condition is met, the text snippet is included in the final
advisory. Condition might be more than just a version or version range, e.g.
if some vulnerability was fixed by replacing/renaming a package?
Yes. (Well, there is a technical problem - Pre-commit version cannot be
easily detected inside rpm %post scriptlets.)
Things may become tricky, if you update a package while a still unconfirmed
advisory for the old version is present, esp. if the new version also ships
an advisory.
Advisories have to be kept for the whole upgrade protection period.
I guess deleting the package should delete the advisory.
Probably yes.
Advisory metadata should be available, even if the package was installed by
non-SUSE tools?
Advisories are available on the web and in the text file in docdir.
We could think about including advisory metadata in the rpm-package. E.g as
file in /var/adm/update-advisories/<package>-<version>. Similar
to ../update-messages. So they get installed and vanish together with the
package.
Yes, it may be possible.
Maybe we can even unify update-advisories and update-messages. There's not
much difference.
Yes. Some of update-messages have a similar nature.
Hi guys, what about creating a feature request for this? It looks like
pretting good thing to me.
Another use-case would be notification about conflicting configuration
files during an upgrade (packager's version vs. user's version) (see
https://features.opensuse.org/306411).
--
cheers,
jano
Ján Kupec
YaST team
---------------------------------------------------------(PGP)---
Key ID: 637EE901
Fingerprint: 93B9 C79B 2D20 51C3 800B E09B 8048 46A6 637E E901
---------------------------------------------------------(IRC)---
Server: irc.freenode.net
Nick: jniq
Channels: #zypp #yast #suse #susecz
---------------------------------------------------------(EOF)---
| < Previous | Next > |