Yes, thanks Dan. Many security scanning tools look for the latest version and flag older versions as being a potential risk. I wanted to be sure that this is what is happening, rather than collections not receiving security updates fast enough and actually missing an important CVE.

On 06/29/2017 11:54 AM, Davis, Daniel (NIH/NLM) [C] wrote:

The DevOps team wants to update to the latest Python as a rule, as a security mitigation technique. I hope that makes sense.

*From:* Brian Gollaher [mailto:bgoll...@redhat.com]
*Sent:* Thursday, June 29, 2017 11:50 AM
*To:* Davis, Daniel (NIH/NLM) [C] <daniel.da...@nih.gov>; sclorg@redhat.com
*Subject:* Re: [scl.org] Python "latest" SCLo

Hi Dan. May I ask a question? Is your security team looking for a fix to a specific security problem or CVE or are they asking that you run the latest version as a rule?

thanks,
Brian

On 06/29/2017 11:24 AM, Davis, Daniel (NIH/NLM) [C] wrote:

    I’ve been lurking on this list for a while, and I wanted to bring
    myself up to date. I noticed some talk of a community SCL for a
    “latest” Python, which would be a non-patched pure build of Python
    that is kept up-to-date by the community. Where is that at? Who is
    leading it? How can I help?

    For background, we’ve used rh-python34 for some time, but our
    security team recently dinged us for sticking with Python 3.4.2,
    and my DevOps team (who have less time due to tickets), just
    recompiled Python 3.4.6 blind to get past the security problem. I
    would have argued we should move to rh-python35, but that would
    eventually suffer the same problem. What we need is a
    distribution that keeps up to date, but is still distributed as an
    rpm.

    Thanks,

    Dan Davis, Systems/Applications Architect (Contractor),

    Office of Computer and Communications Systems,

    National Library of Medicine, NIH




    _______________________________________________
    SCLorg mailing list
    SCLorg@redhat.com <mailto:SCLorg@redhat.com>
    https://www.redhat.com/mailman/listinfo/sclorg



--
Brian Gollaher
Red Hat Platform Product Management
Phone: 978 392-3173
Cell: 508 740-6549
bri...@redhat.com <mailto:bri...@redhat.com>
