On 2014-04-25 15:25, Pat Riehecky wrote:
> On 04/24/2014 04:21 PM, Orion Poplawski wrote:
>> On 10/17/2013 02:27 PM, Connie Sieh wrote:
>>> ---------- Forwarded message ----------
>>> Date: Thu, 17 Oct 2013 15:25:39 -0500
>>> From: Connie Sieh <[log in to unmask]>
>>> To: [log in to unmask]
>>> Subject: Software Collections 1.0 is available for SL 6
>>>
>>> The following TUV "software collection" products are now available for SL 6.
>>>
>>> A README with info about yum repos for these packages is available from
>>> ftp://sldist.fnal.gov/linux/scientific/6x/external_products/softwarecollecti
>>> ons/README
>>
>> Any chance of yum-conf-softwarecollections ending up in the main SL repos?
>>
>>
>
> That's an interesting idea. Lets take it to the devel list and see what people think.
@me not subscribed to the devel@ list so giving my rant here.
The versions provided in softwarecollections have almost already known vulnerabilities.
Picking only the latest CVE entires retrieved after softwarecollections publish date.
php-5.4: CVE-2013-6420
postgresql: CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067
python27 / python33: CVE-2014-1912
ruby193: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6416 CVE-2013-6417
Until the collection gets more notice from upstream I don't think it is a good idea to provide yum-conf-softwarecollection.
--
Regards,
olli