----- Forwarded message from Ken Moffat via blfs-book <blfs-b...@lists.linuxfromscratch.org> -----
Arghh - I sent this to -book.

Date: Sun, 18 Apr 2021 23:03:22 +0100
From: Ken Moffat via blfs-book <blfs-b...@lists.linuxfromscratch.org>
To: blfs-b...@lists.linuxfromscratch.org
Cc: Ken Moffat <zarniwh...@ntlworld.com>
Subject: [blfs-book] RFC: Adding advisories chapter to the editor's guide.
Reply-To: BLFS Book Maintenance List <blfs-b...@lists.linuxfromscratch.org>
User-Agent: Mutt/2.0.6 (2021-03-06)
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <YHysqp+J2Ju/c9Zb@llamedos.localdomain>

My first public version of new chapter 7 on how to update security advisories is now rendered at https://rivendell.linuxfromscratch.org/~ken/lfs-editors-guide/ and the cleaned-up patches which created it are at https://rivendell.linuxfromscratch.org/~ken/lfs-editors-guide-patches/ (I've also loaded everything I currently had at higgs).

I have included comments on making symlinks so that you can check all the links locally before committing - in my own case, the rendered books are in /sources/books/ (versioned as sysv and systemd) but the advisories are in my lfswww repo at ~/ so I have symlinks from /sources/books/:

blfs-advisories : to ~/.../lfswww/blfs/advisories
lfs-advisories : to ~/.../lfswww/lfs/advisories
lfs/view has links to current development and 10.1 LFS books, in my case development now goes to lfs-book-git.
blfs to ../blfs-advisories (this fixes the link for consolidated.html when approached from the lfs advisories).
view : links for the current and 10.1 BLFS books (in my case svn now goes to blfs-book-sysv).

There are two items I regard as outstanding, apart from whatever people pick up when reviewing this:

1. I'd still like some replies to my post about restarting things which use OpenSSL after upgrading it, since I think that not all of our users will appreciate this needs to be done.

2. For the moment, where a vulnerability is late in coming to light and we have already both moved to a newer version, and then made a release, we do not currently mention it (on the grounds that users keeping up to date with addressing the vulnerabilities which concern them will have already read the advisories for the past release). I don't see any easy way of fixing this - if we spam the -dev and -support lists to say 'BTW - new vulnerability in old flac-3.2 has now come to light, see addition to the 10.0 advisories' that will be messy and also we do not report current advisories like that. (Yes, Doug, I thought omitting these was the way to go, but I now think it opens a hole in the process.) See the "In theory ..." paragraph of the Introduction (section 7.1).

ĸen
--
My inbox is kind of a modern-day Colossal Cave adventure: "You are in a maze of twisty email threads, all similar but with different hidden details". -- Linus
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

----- End forwarded message -----