[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?
boklm at mars-attacks.org
Tue May 24 12:45:13 CEST 2011
On Tue, 24 May 2011, Christiaan Welvaart wrote:
> On Tue, 24 May 2011, Michael Scherer wrote:
>> I would keep this as a update after the release is out ( like they 4
>> ruby cve, libzip one ( CVE-2011-0421 )) and others that came out since
>> So maybe we could open bugs for this ?
>> There is 2 proposal :
>> - filling them on security, and have a saved search
> What do you mean by that, a security product?
There is a component "Security" on bugzilla.
>> - creating a tracker bug
>> I would be in favor of the tracker bug :
>> - you can subscribe to it
>> - it will be clearer ( as bugfixes are not security so we may miss some
>> update to do )
>> - it doesn't pollute the list of saved search
>> But as pascal said, a tracker bug requires that each bug to be linked to
>> it, which is manual and error prone.
> I don't know much about bugzilla, but:
> - Add a keyword 'security' to all security bugs.
> (also manual and error prone?)
We already have a security component. Would a keyword instead of a
component be better for this ?
It is also manual, but a keywork is easier to remember than a tracker
Maybe we can also think about a mailing list to receive all security
More information about the Mageia-dev