Hints for working with CVEs?

Josh Bressers bressers at redhat.com
Fri May 5 17:45:22 UTC 2006


> >>>>> "DG" == Dennis Gilmore <dennis at ausil.us> writes:
> 
> DG> My question is should I have filed a bug anyway so that we have a
> DG> public record that the issue had been fixed?
> 
> I think that there's no point in filing bugs about things which have
> already been fixed, especially now when we're just getting started.
> However, if the fixed package is not at your local mirror then you
> should definitely open a ticket.
> 
> The fact that changes had been committed doesn't mean that a build was
> requested, or that it has succeeded.

This is a time the package-release tool can come in handy.  It will tell
you which versions of a package are available (not what's in CVS).  I
modified the tool last night to support fuzzy matching, so if I run
'package-release perl' I get a list of all packages with 'perl' in their
name.

-- 
    JB




More information about the Fedora-security-list mailing list