[Mageia-dev] slight security improvement: should we update aria2 to 1.11.2?
nicolas vigier
boklm at mars-attacks.org
Tue May 24 12:45:13 CEST 2011
On Tue, 24 May 2011, Christiaan Welvaart wrote:
> On Tue, 24 May 2011, Michael Scherer wrote:
>
>> I would keep this as a update after the release is out ( like they 4
>> ruby cve, libzip one ( CVE-2011-0421 )) and others that came out since
>> yesterday.
>>
>> So maybe we could open bugs for this ?
>
>> There is 2 proposal :
>> - filling them on security, and have a saved search
>
> What do you mean by that, a security product?
There is a component "Security" on bugzilla.
>
>> - creating a tracker bug
>>
>> I would be in favor of the tracker bug :
>> - you can subscribe to it
>> - it will be clearer ( as bugfixes are not security so we may miss some
>> update to do )
>> - it doesn't pollute the list of saved search
>>
>> But as pascal said, a tracker bug requires that each bug to be linked to
>> it, which is manual and error prone.
>
> I don't know much about bugzilla, but:
> - Add a keyword 'security' to all security bugs.
> (also manual and error prone?)
We already have a security component. Would a keyword instead of a
component be better for this ?
It is also manual, but a keywork is easier to remember than a tracker
bug number.
Maybe we can also think about a mailing list to receive all security
bugs.
More information about the Mageia-dev
mailing list