You are not logged in.
https://www.archlinux.org/packages/test … _64/linux/
https://www.archlinux.org/packages/core/x86_64/linux/
Both pages are linking to the same "View Changes" - https://git.archlinux.org/svntogit/pack … ages/linux
How to distinguish the commits to the two different Packages in Testing and Core ?
Even if I go into commit details in diffstat section, there is no reference if this was applied to Testing or Core ?
Or did I miss something ?
Thanks.
Last edited by ua4000 (2017-10-03 08:15:39)
Offline
path: root/trunk
You need to check what is in:
root/repos/core-i686
root/repos/core-x86_64
root/repos/testing-i686
root/repos/testing-x86_64
See: https://git.archlinux.org/svntogit/pack … ages/linux
The trunk is updated with changes and at one stage those changes are built as core, and then later on after more changes they are built (`archrelease`d) as testing. (And later, testing is `db-move`d to core.)
Last edited by eschwartz (2017-09-28 20:35:56)
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
Ah - I now see the `archrelease`d and `db-move`d - Thanks!
But I still find it difficult to see, e.g. when 4.12... was replaced by 4.13... in Core at a quick glance at the website.
Or if a CVE-2017... security patch made it into Core and since when exactly was it available for the users.
Offline
By taking a closer look, and not trying to find some way of getting a "quick glance" at seeing wholly by commit messages the exact details of what changed in each version.
You can either scrutinize the commit diff in each archrelease, or if all you want to know is when a CVE patch is applied, this is why Arch Linux has a Security Tracker linked in the navigation bar used as a header on all our websites.
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
if all you want to know is when a CVE patch is applied, this is why Arch Linux has a Security Tracker linked in the navigation bar used as a header on all our websites.
https://security.archlinux.org/CVE-2017-1000251 shows all fixed great.
https://security.archlinux.org/AVG-331 shows status unknown instead of fixed by https://git.kernel.org/pub/scm/linux/ke … 150fd6a803 / https://git.kernel.org/pub/scm/linux/ke … 20de2b8021
https://security.archlinux.org/CVE-2017-1000364 shows fixed apart from linux-lts was it not fixed by https://git.kernel.org/pub/scm/linux/ke … 2789b5421e in 4.9.34 see https://cdn.kernel.org/pub/linux/kernel … Log-4.9.34
CVE-2017-14340 as another example does not have an entry.
Offline
This is beyond my pay grade, I'm afraid. You should probably speak to the members of the security team.
Most coordination is done via IRC, so if you comment in #archlinux-security on freenode, I'm sure they'll be happy to update the AVGs in question.
Last edited by eschwartz (2017-10-02 23:30:56)
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
Thanks for all your replys and your time!
Offline