SCIENTIFIC-LINUX-USERS Archives

April 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: olli hauer <[log in to unmask]>
Reply To: olli hauer <[log in to unmask]>
Date: Fri, 25 Apr 2014 17:27:28 +0200

On 2014-04-25 15:25, Pat Riehecky wrote:
> On 04/24/2014 04:21 PM, Orion Poplawski wrote:
>> On 10/17/2013 02:27 PM, Connie Sieh wrote:
>>> ---------- Forwarded message ----------
>>> Date: Thu, 17 Oct 2013 15:25:39 -0500
>>> From: Connie Sieh <[log in to unmask]>
>>> To: [log in to unmask]
>>> Subject: Software Collections 1.0 is available  for SL 6
>>>
>>> The following TUV "software collection" products are now available for SL 6.
>>>
>>> A README with info about yum repos for these packages is available from
>>> ftp://sldist.fnal.gov/linux/scientific/6x/external_products/softwarecollections/README
>>
>> Any chance of yum-conf-softwarecollections ending up in the main SL repos?
>>
>>
> 
> That's an interesting idea.  Let's take it to the devel list and see what people think.

@me not subscribed to the devel@ list so giving my rant here.

The versions provided in softwarecollections have almost already known vulnerabilities.

Picking only the latest CVE entries retrieved after softwarecollections publish date.

php-5.4: CVE-2013-6420
postgresql: CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067
python27 / python33: CVE-2014-1912
ruby193: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6416 CVE-2013-6417

Until the collection gets more notice from upstream I don't think it is a good idea to provide yum-conf-softwarecollection.

-- 
Regards,
olli
