Summary: | Add security information to the portage tree | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Leonardo <cmt.miniBill> |
Component: | Enhancement/Feature Requests | Assignee: | Gentoo Security <security> |
Status: | RESOLVED WONTFIX | ||
Severity: | enhancement | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Leonardo
2013-02-15 10:07:00 UTC
You are aware of http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=14 ? Yes I am, but that is a script that needs to be run manually, what I'm suggesting instead would appear in the output of emerge. Besides, my proposal would: 1) Allow information to be tied to single packages instead of having a conglomerate of xml files 2) Allow outdated information to be purged out of the portage tree 3) Allow much cheaper checking of packages affected by glsa [not needing to read every glsa, but only those affecting installed packages] Just a small note: if this ever gets implemented the data needed is not the update which is a security update, but the versions affected by each security problem, as something older versions are not affected |