From: "Dmitry V. Levin" <ldv@altlinux.org>
To: ALT Devel discussion list <devel@lists.altlinux.org>
Subject: Re: [devel] security fixes and %changelog (was: [cyber] I: Sisyphus-20070713 packages: +5! +20 (6438))
Date: Fri, 13 Jul 2007 14:25:17 +0400
Message-ID: <20070713102517.GA5854@basalt.office.altlinux.org> (raw)
In-Reply-To: <777d80610707121854h4b3e7784xd7ff1b55bcbb4499@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1147 bytes --]
On Fri, Jul 13, 2007 at 05:54:50AM +0400, Aleksey Novodvorsky wrote:
> On 7/13/07, Michael Shigorin <mike@osdn.org.ua> wrote:
> > On Fri, Jul 13, 2007 at 01:41:05AM +0400, QA Team Robot wrote:
> > > mozilla-plugin-adobe-flash - Adobe Flash Player
> > > * Thu Jul 12 2007 Sergey V Turchin <zerg@altlinux> 9.0.48.0-alt2
> > > - add Categories parameter to desktop-file
> > > * Thu Jul 12 2007 Sergey V Turchin <zerg@altlinux> 9.0.48.0-alt1
> > > - new version
> > > * Mon Jan 22 2007 Sergey V Turchin <zerg@altlinux> 9.0.31.0-alt2
> >
> > Серж, там remote code exec заткнули, а ты даже слово security
> > в %changelog не упомянул.
> >
> > Это _очень_ плохая практика. Лучше забыть вписать всё остальное,
> > но критичные исправления в безопасности -- хоть словом или двумя.
> >
> > Настоятельная просьба касается всех участников команды.
>
> Лучше бы это оформить в виде полиси.
Внимание, оформляю в виде полиси:
Если в обновлении пакета содержится security fix, то вам следует явно
написать об этом в %changelog пакета.
Оставляю за собой право заворачивать обновления пакетов, нарушающих это
правило.
--
ldv
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2007-07-13 10:25 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-12 21:51 ` Michael Shigorin
2007-07-12 23:01 ` Led
2007-07-13 5:49 ` Pavlov Konstantin
2007-07-18 19:44 ` Konstantin A. Lepikhov
2007-07-13 6:44 ` [devel] security fixes and %changelog Michael Shigorin
2007-07-13 7:13 ` Igor Zubkov
2007-07-13 9:01 ` Michael Shigorin
2007-07-13 10:37 ` Igor Zubkov
2007-07-13 6:45 ` [devel] pulseaudio Michael Shigorin
2007-07-13 10:51 ` Igor Zubkov
2007-07-13 11:10 ` Dmitry V. Levin
2007-07-13 1:54 ` [devel] security fixes and %changelog (was: [cyber] I: Sisyphus-20070713 packages: +5! +20 (6438)) Aleksey Novodvorsky
2007-07-13 6:50 ` [devel] [PP] Re: security fixes and %changelog Michael Shigorin
2007-07-13 10:25 ` Dmitry V. Levin [this message]
2007-07-13 10:36 ` [devel] " Anton Farygin
2007-07-13 11:03 ` Dmitry V. Levin
2007-07-13 11:42 ` [devel] [wiki] /devel/SpecTips/ChangeLog (was: security fixes and %changelog) Michael Shigorin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070713102517.GA5854@basalt.office.altlinux.org \
--to=ldv@altlinux.org \
--cc=devel@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git