On Tue, 2009-05-19 at 13:09 +0200, Michael Andres wrote:
It can even happen that one is updating from vulnerable SLES10 to fixed SLES11. Even then displaying of "must see" advisory is important.
So you want the advisory metadata to be a list of
condition (translated?) text condition (translated?) text ...
Where the conditions are evaluated based on the pre-commit state of the system. If the condition is met, the text snippet is included in the final advisory. Condition might be more than just a version or version range, e.g. if some vulnerability was fixed by replacing/renaming a package?
Yes. (Well, there is a technical problem - Pre-commit version cannot be easily detected inside rpm %post scriptlets.)
Things may become tricky, if you update a package while a still unconfirmed advisory for the old version is present, esp. if the new version also ships an advisory.
Advisories have to be kept for the whole upgrade protection period.
I guess deleting the package should delete the advisory.
Probably yes.
Advisory metadata should be available, even if the package was installed by non-SUSE tools?
Advisories are available on the web and in the text file in docdir.
We could think about including advisory metadata in the rpm-package. E.g as file in /var/adm/update-advisories/<package>-<version>. Similar to ../update-messages. So they get installed and vanish together with the package.
Yes, it may be possible.
Maybe we can even unify update-advisories and update-messages. There's not much difference.
Yes. Some of update-messages have a similar nature. -- Best Regards / S pozdravem, Stanislav Brabec software developer --------------------------------------------------------------------- SUSE LINUX, s. r. o. e-mail: sbrabec@suse.cz Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747 190 00 Praha 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org