On Thu, 2006-06-29 at 17:15 -0400, Josh Bressers wrote:
Hi everyone,
I finally checked in an extras errata generation system. It's rather
trivial. I've been sitting on this for a few weeks and just haven't had
time to clean it up enough to commit it.
And now we've sat on it a bit more, no announcements sent :(. Let's try
to improve.
The readme file has some details on how things work. In a nutshell
you
just have to run the errata-gen command, which places an advisory into the
errata directory for you. Then just edit away.
Okay, tested by creating FEDORA-EXTRAS-2006-003 for CVE-2006-3668, it
worked.
Now we have to think about how editing should be handled. I'm
thinking at
least one other team member should approve an errata before it gets mailed.
Thoughts?
Works for me. As a general rule, who mails it? The package maintainer?
The 1st or 2nd security team member handling the issue?
It might not be a bad idea to add a "CVE ID(s):" placeholder somewhere
in the template so that info is more likely to be included in the
announcement.