[Mageia-dev] Mageia Advisories Database

Michael Scherer misc at zarb.org
Tue Jun 28 17:33:07 CEST 2011


Le mardi 28 juin 2011 à 16:23 +0200, Christiaan Welvaart a écrit :
> On Tue, 28 Jun 2011, nicolas vigier wrote:
> 
> > In order to send updates advisories, and have a web page listing all
> > previous advisories, we need to create a database to store them.
> >
> > So I think it should have the following info for each advisory :
> >
> > - advisory ID: something like MGA-[NUMBER] ?
> > - advisory date
> > - affected source packages
> > - affected distribution versions
> > - CVE numbers
> > - list of binary packages with sha1sum
Is there people that really check them ?
( since there is already gpg and checksum in rpm that can be checked
automatically, I do not see the point in having this when it requires
another manual check )

> > - Mageia Bug #
> > - Reference URLs
> > - advisory text
> >
> > Anything else ?
> 
> - severity
Adding severity would requires us to have precise rules about it, and
would not mean much, and likely lots of bike shedding about it.

And also, what is the use precisely ?

> - whether this is a security issue or a non-security bugfix
What if there is more than 1 fix ( like a firefox upgrade ) ?
And what's the use ?

I would recommend looking at CVRF and OSVDB, but that's only for
security issues.
-- 
Michael Scherer



More information about the Mageia-dev mailing list