On 02/07/2018 01:38 PM, Kevin Fenzi wrote:
> We don't have any way to track
> security issues for all the frozen set do we?

There is a way to declare that you have bundled dependencies. I did this
for some of Bodhi's JavaScript stuff:


Basically you do this:

Provides: bundled(bootstrap) = 3.0.1

This way it is possible to search the collection of RPMs for all that
contain versions of dependencies with known security issues.

Attachment: signature.asc
Description: OpenPGP digital signature

infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Reply via email to