Date: Tue, 24 Apr 2001 12:11:30 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Rich Morin <rdm@cfcl.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: automated checking of Security Advisories Message-ID: <20010424121130.C89819@xor.obsecurity.org> In-Reply-To: <p0500190bb70abb629b4c@[192.168.168.205]>; from rdm@cfcl.com on Mon, Apr 23, 2001 at 10:27:22PM -0700 References: <p0500190bb70abb629b4c@[192.168.168.205]>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZwgA9U+XZDXt4+m+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 23, 2001 at 10:27:22PM -0700, Rich Morin wrote: > I have a partly-baked idea regarding the security advisories that > I see on freebsd-announce. While I applaud the intent of these > notices, I wonder if some sort of automation might not make them a > bit more useful. >=20 > Let's say we encoded the advisories in XML and put them up for HTTP > access, encoding the version characterization information (e.g., > Affects) in some mechanically-usable fashion. Then, a Perl script > on the local machine could look up the advisories, run the tests, > and report the results, all without compromising the privacy of the > local system. Heh..I just sent off an email to someone on -stable suggesting this as a project. If you're interested you and he should work together; Roman Shterenzon <roman@xpert.com> was also looking at the project a while back but seems to have been sidetracked. My take on the problem is that XML is overkill and will only lead to tears: the problem we're trying to solve here is describing a range of affected package versions, which IMO can be done easily enough by just sticking a regex or glob in the advisory header and matching on that. pkg_version may be a logical place to stick this functionality since it already has code for parsing version numbers. Kris --ZwgA9U+XZDXt4+m+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE65c/hWry0BWjoQKURAlBaAKDN1DHGcl3a/4SZXEkbNBIjoToL/QCgxBpp 1PpZEOKDx97rWSSu6oezcNs= =KLZj -----END PGP SIGNATURE----- --ZwgA9U+XZDXt4+m+-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010424121130.C89819>