Packaging Best Practices - Identifying Security Changes in Packages


Overview

Beginning with the release of Update Center 2.1, the updatetool and desktop notifier support identifying packages that contain relevant security changes. By identifying security updates, the end user can make a better-informed decision about which updates to apply and when.

Desktop Notifier Example

Best Practices

#    Title                                                          Description
1.   Summary
1.1  Identify relevant security changes via package attribute.     If a package version contains relevant security changes, set the "security" keyword in the com.sun.service.keywords attribute. Remove this keyword in package revisions that do not contain any relevant security changes.

Details

For the Update Center tools to recognize packages that contain security-related changes, the package maintainer must indicate, via a package attribute keyword, that the package contains changes that impact security.

When a package update contains a security-related change, the package's com.sun.service.keywords attribute should contain the "security" keyword. The presence of this keyword indicates to the Update Center tools that the package contains security changes. The keyword should appear only in the revisions that actually contain the security changes; versions that do not contain any new security changes should not include it.

For example, if version 1.0 of a product is installed, versions 1.1 and 1.2 become available in the package repository, and version 1.1 includes the security keyword, the Update Center tools will recognize that an update to 1.2 involves security-related changes. Although version 1.2 itself does not carry the security keyword, the package system recognizes that an update from 1.0 to 1.2 includes the changes delivered in 1.1, and therefore the security changes as well. The tools then identify the update as including security changes.
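The rule above, as an added example that is not the Update Center's own code: it reads the com.sun.service.keywords attribute out of constructed, IPS-style "set name=... value=..." manifest lines (the manifest layout is an assumption) and decides whether an update from the installed version to a target version passes through any revision that carries the "security" keyword.

```python
"""Flag updates that carry security changes, following the rule described
on this page: the "security" keyword marks the revision that introduced the
change, and an update that skips over that revision inherits it."""
import re

# Constructed sample manifests (one per package version), using IPS-style
# "set" actions. Only 1.1 carries the security keyword.
MANIFESTS = {
    "1.0": 'set name=pkg.summary value="Example product"\n',
    "1.1": ('set name=pkg.summary value="Example product"\n'
            'set name=com.sun.service.keywords value=security\n'),
    "1.2": 'set name=pkg.summary value="Example product"\n',
}

_NAME_RE = re.compile(r'^set\s+name=(\S+)')
# A set action may carry several value= tokens; quoted values may contain spaces.
_VALUE_RE = re.compile(r'value=("[^"]*"|\S+)')


def keywords(manifest):
    """Return the set of com.sun.service.keywords values in a manifest."""
    found = set()
    for line in manifest.splitlines():
        m = _NAME_RE.match(line.strip())
        if m and m.group(1) == "com.sun.service.keywords":
            found.update(v.strip('"') for v in _VALUE_RE.findall(line))
    return found


def version_key(version):
    """Turn a dotted version string into a tuple that compares numerically."""
    return tuple(int(part) for part in version.split("."))


def has_security_changes(manifests, installed, target):
    """True if any revision newer than `installed`, up to and including
    `target`, carries the "security" keyword (so 1.0 -> 1.2 inherits 1.1)."""
    low, high = version_key(installed), version_key(target)
    for version, text in manifests.items():
        if low < version_key(version) <= high and "security" in keywords(text):
            return True
    return False


if __name__ == "__main__":
    for src, dst in (("1.0", "1.2"), ("1.1", "1.2"), ("1.0", "1.1")):
        print(src, "->", dst, "security:", has_security_changes(MANIFESTS, src, dst))
```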

This document does not provide a definition of "relevant security changes". Each product team, in coordination with its broader organization, should determine and document which classes of changes will be identified as relevant to the security of the product.




Copyright 1994-2009 Sun Microsystems, Inc.