[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?

Christiaan Welvaart cjw at daneel.dyndns.org
Tue May 24 12:30:27 CEST 2011

On Tue, 24 May 2011, Michael Scherer wrote:

> I would keep this as a update after the release is out ( like they 4
> ruby cve, libzip one ( CVE-2011-0421 )) and others that came out since
> yesterday.
> So maybe we could open bugs for this ?

> There is 2 proposal :
> - filling them on security, and have a saved search

What do you mean by that, a security product?

> - creating a tracker bug
> I would be in favor of the tracker bug :
> - you can subscribe to it
> - it will be clearer ( as bugfixes are not security so we may miss some
> update to do )
> - it doesn't pollute the list of saved search
> But as pascal said, a tracker bug requires that each bug to be linked to
> it, which is manual and error prone.

I don't know much about bugzilla, but:
   - Add a keyword 'security' to all security bugs.
     (also manual and error prone?)
   - Set target to 'Mageia 1' for all bugs about stable updates.
     Bugs about backports are not allowed to be targeted at a stable
     release, we can add additonal backports targets if needed.

Having a saved search that can easily be found doesn't sound like a bad
idea. A tracker bug won't be closed even if all dependencies are resolved,
is that a good way to use tracker bugs?


More information about the Mageia-dev mailing list