On 2014-04-25 15:25, Pat Riehecky wrote: > On 04/24/2014 04:21 PM, Orion Poplawski wrote: >> On 10/17/2013 02:27 PM, Connie Sieh wrote: >>> ---------- Forwarded message ---------- >>> Date: Thu, 17 Oct 2013 15:25:39 -0500 >>> From: Connie Sieh <[email protected]> >>> To: [email protected] >>> Subject: Software Collections 1.0 is available for SL 6 >>> >>> The following TUV "software collection" products are now available for SL 6. >>> >>> A README with info about yum repos for these packages is available from >>> ftp://sldist.fnal.gov/linux/scientific/6x/external_products/softwarecollecti >>> ons/README >> >> Any chance of yum-conf-softwarecollections ending up in the main SL repos? >> >> > > That's an interesting idea. Lets take it to the devel list and see what > people think.
@me not subscribed to the devel@ list so giving my rant here. The versions provided in softwarecollections have almost already known vulnerabilities. Picking only the latest CVE entires retrieved after softwarecollections publish date. php-5.4: CVE-2013-6420 postgresql: CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 python27 / python33: CVE-2014-1912 ruby193: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6416 CVE-2013-6417 Until the collection gets more notice from upstream I don't think it is a good idea to provide yum-conf-softwarecollection. -- Regards, olli
