On Fri, Apr 13, 2007 at 01:12:56AM -0400, James Antill wrote:
> I wrote a yum plugin to use the security information out of the
> updateinfo.xml files. So if anyone wants to have a look at it, and
> comment I'm happy to take any and all feedback. You can get the fc6 and
> fc7 rpms here (and the man page, in html format):
>
> http://people.redhat.com/jantill/yum-security/
>
> ...it was also suggested that putting the plugin in the yum-utils
> package might be the best solution, instead of having it in it's own
> package. So, assuming that's possible, any feedback relative to that
> would be much appreciated.
Nice work!
After a quick glance, here are a few things that come to mind:
o ysp_check_func_enter() gets called from both the exclude_hook as
well as the postresolve_hook. Would it be possible to simply call
it once and store 'skip'/'list_cmd' somewhere globally?
o ysp_gen_metadata() is called from both hooks as well, which means
that we parse the updateinfo.xml.gz.twice. Why not just keep a
global UpdateMetadata object?
o ysp_show_pkg_md_info() -- This looks like it would best fit into
yum.update_md.UpdateNotice.__str__. Right now the __str__ for
UpdateNotices is a bit ugly, but improvements are definitely
welcome, and that seems like the place to do something like this.
Ideas/Suggestions:
o --{advisory,bz,cve} should be able to refine {list,info}-sec results
o list-sec should only list updates (id - nvr - title, or something),
instead of displaying details; while show-sec could simply just
`print notice` and allow the yum.update_md.UpdateNotice.__str__ to
do the rest.
I'm hoping to find some free time in the future to play around with this
a bit more, but it's looking good so far. I'm definitely in favor of
getting this into yum-utils as well.
luke
_______________________________________________
Yum-devel mailing list
[email protected]
https://lists.dulug.duke.edu/mailman/listinfo/yum-devel
