Pacemaker Configuration System
552ef44f2f
This should help ProdSec accurately detect versions of bundled components in pcs. Security analysts usually filter the database based on ecosystem. The ecosystem detection has been done from RPM metadata for some time and that is when ProdSec stopped creating trackers accurately. The problem is that we didn't follow the Fedora Packaging Guidelines and didn't name the bundled components with package names as if they were entering Fedora. The ecosystem detection in Deptopia (the tool that ProdSec uses) expects "rubygem-" prefix for rubygems and "python[X]-" prefix for Python ecosystem. See PSDEVOPS-4408 for more details. This commit also changes metadata for bundling JavaScript libraries. The Packaging guidelines suggest the `js-` prefix. While Deptopia doesn't handle JS filtering, the tool that ProdSec uses doesn't require a strict match, so searching for jquery should also return js-jquery unless a strict flag is specified. |
||
|---|---|---|
| .fmf | ||
| .gitignore | ||
| do-not-support-cluster-setup-with-udp-u-transport.patch | ||
| gating.fmf | ||
| gating.yaml | ||
| HAM-logo.png | ||
| pcs.spec | ||
| prepare-env.sh | ||
| RHEL-17280-01-disable-new-webui-routes.patch | ||
| RHEL-65595-stop-sending-http-headers-to-ruby-part-of-pcsd.patch | ||
| RHEL-90147-support-for-query-limits-in-rack.patch | ||
| rpminspect.yaml | ||
| sources | ||
