Stanislav Brabec wrote:
On Tue, 2009-05-19 at 13:09 +0200, Michael Andres wrote:
It can even happen that one is updating from vulnerable SLES10 to fixed SLES11. Even then displaying of "must see" advisory is important.
So you want the advisory metadata to be a list of
condition (translated?) text condition (translated?) text ...
Where the conditions are evaluated based on the pre-commit state of the system. If the condition is met, the text snippet is included in the final advisory. Condition might be more than just a version or version range, e.g. if some vulnerability was fixed by replacing/renaming a package?
Yes. (Well, there is a technical problem - Pre-commit version cannot be easily detected inside rpm %post scriptlets.)
Things may become tricky, if you update a package while a still unconfirmed advisory for the old version is present, esp. if the new version also ships an advisory.
Advisories have to be kept for the whole upgrade protection period.
I guess deleting the package should delete the advisory.
Probably yes.
Advisory metadata should be available, even if the package was installed by non-SUSE tools?
Advisories are available on the web and in the text file in docdir.
We could think about including advisory metadata in the rpm-package. E.g as file in /var/adm/update-advisories/<package>-<version>. Similar to ../update-messages. So they get installed and vanish together with the package.
Yes, it may be possible.
Maybe we can even unify update-advisories and update-messages. There's not much difference.
Yes. Some of update-messages have a similar nature.
Hi guys, what about creating a feature request for this? It looks like pretting good thing to me. Another use-case would be notification about conflicting configuration files during an upgrade (packager's version vs. user's version) (see https://features.opensuse.org/306411). -- cheers, jano Ján Kupec YaST team ---------------------------------------------------------(PGP)--- Key ID: 637EE901 Fingerprint: 93B9 C79B 2D20 51C3 800B E09B 8048 46A6 637E E901 ---------------------------------------------------------(IRC)--- Server: irc.freenode.net Nick: jniq Channels: #zypp #yast #suse #susecz ---------------------------------------------------------(EOF)---