I've been lurking on this list for a while, and I wanted to bring myself up to
date. I noticed some talk of a community SCL for a "latest" Python, which
would be a non-patched pure build of Python that is kept up-to-date by the
community. Where is that at? Who is leading it? How can I
Hi Dan. May I ask a question? Is your security team looking for a fix
to a specific security problem or CVE or are they asking that you run
the latest version as a rule?
thanks,
Brian
On 06/29/2017 11:24 AM, Davis, Daniel (NIH/NLM) [C] wrote:
I’ve been lurking on this list for a while,
So, maybe I've missed something, but is this more complicated than running
rpmbuild with different Macros?I'm pretty good with rpms, but I know I
don't always follow Fedora Packaging Guidelines. I know that our DevOps guys
will not want to submit builds to Copr, etc., and may not even use
The DevOps team wants to update to the latest Python as a rule as a security
from security mitigation technique.I hope that makes sense.
From: Brian Gollaher [mailto:bgoll...@redhat.com]
Sent: Thursday, June 29, 2017 11:50 AM
To: Davis, Daniel (NIH/NLM) [C] ;
Yes, thanks Dan. Many security scanning tools look for the latest
version and flag older versions as being a potential risk. I wanted to
be sure that this is what is happening, rather than collections not
receiving security updates fast enough and actually missing an important
CVE.
On