On Fri, Jun 23, 2023, 18:41 Josh Boyer <jwbo...@fedoraproject.org> wrote:
> > > On Fri, Jun 23, 2023, 3:20 PM Michael Catanzaro <mcatanz...@redhat.com> > wrote: > >> On Fri, Jun 23 2023 at 01:27:24 PM -0400, Josh Boyer >> <jwbo...@fedoraproject.org> wrote: >> > Which means equivalent fixes are in CentOS Stream and anyone wanting >> > to recreate exactly what is in RHEL is welcome to backport that code >> > from CentOS Stream or upstream. >> >> Yes, but that's going to be pretty hard to do if you cannot see what >> needs to be backported because you don't have a Customer Portal >> subscription. :) >> > > Yes, the work you do is not easy. > > In this particular case, there are two CVEs fixed somewhere in the >> middle of maybe 100 other upstream changes, and the correspondence >> between CVE vs. upstream commit is intentionally not public to >> discourage distros from backporting individual security fixes. (It's >> not a smart idea. Only 5% of WebKit security bugs get CVEs. I sometimes >> do security backports for RHEL anyway for regulatory rather than >> security reasons.) Anyway, to figure out what to backport in order to >> match what's in RHEL, you'd have to either somehow get access to the >> RHEL SRPM, or else email me and ask what to do. >> > > Or build up a knowledge of the code base that allows one to do it > themselves. > > I don't really have any strong opinion about this change. Just pointing >> out that it's going to be effectively impossible to reverse-engineer >> RHEL from CentOS Stream. Let's not pretend that's realistic. Rebuilders >> are going to need to get copies of the RHEL SRPMs somehow if they want >> to match RHEL, and they do. >> > > I don't think it's impossible. I think it requires work, skill, and > investment. > if only that time, skill, and investment wasn't doing useless re-work, and could be spent on contributing to Stream. > josh > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue