From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: kdesu security update needed Date: Sun, 02 Oct 2016 15:34:44 +0200 Message-ID: <87wphqg9hn.fsf@gnu.org> References: <20160929152353.GA6330@jasmine> <20160929204932.GA25044@jasmine> <87eg40i7nq.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:41880) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bqgur-0001lh-JK for guix-devel@gnu.org; Sun, 02 Oct 2016 09:34:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bqgun-0003OW-D8 for guix-devel@gnu.org; Sun, 02 Oct 2016 09:34:52 -0400 In-Reply-To: (David Craven's message of "Sat, 1 Oct 2016 14:59:13 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: David Craven Cc: guix-devel David Craven skribis: > One question that wasn't answered yet in your description and the > manual is how the linter detects when a package is patched. I assume > it looks at the applied patch names see if they contain a CVE code? Exactly: it checks the version number and the name of the applied patches. Ludo=E2=80=99.