Date: Wed, 25 Apr 2001 16:48:27 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Kris Kennaway <kris@obsecurity.org>
Cc: "Andrew R. Reiter" <arr@watson.org>, Rich Morin <rdm@cfcl.com>, freebsd-hackers@FreeBSD.ORG
Subject: Re: automated checking of Security Advisories
Message-ID: <20010425164827.I17348@mail.webmonster.de>
In-Reply-To: <20010424122758.A90366@xor.obsecurity.org>; from kris@obsecurity.org on Tue, Apr 24, 2001 at 12:27:58PM -0700
References: <20010424121130.C89819@xor.obsecurity.org> <Pine.NEB.3.96L.1010424151816.20031B-100000@fledge.watson.org> <20010424122758.A90366@xor.obsecurity.org>
Kris Kennaway(kris@obsecurity.org)@2001.04.24 12:27:58 +0000:
> This is another reason why having a third-party modifying the advisory
> to mark it up into XML is a bad idea; you lose the integrity
> protection from the PGP signature.

that taken as a solid basis for authenticity and integrity of the advisories, what will the to-be-parsed section look like?

-----BEGIN FREEBSD PORT UPGRADE INFO-----
oldver: bind-8.2.2
newver: bind-8.2.3
repo: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/bind-8.2.3.pkg
notes: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/relnotes.txt
-----END FREEBSD PORT UPGRADE INFO-----

in ports it would also be feasible to create an 'uninstall' target, so one could (cd /usr/ports && make update) and (cd /usr/ports/net/bind8 && make upgrade), where upgrade would be the standard target (build, i think), uninstall, reinstall, and uninstall would remove the _older_ package, in this case 8.2.2. any ideas on how to implement this smoothly and safely?

btw, why do the package versions have to be tracked in the directory name in /var/db/pkg? couldn't we just create a directory /var/db/pkg/PORTNAME (in this case /var/db/pkg/bind8) and put a VERSION file in there? automated upgrading would be much easier since we do not have to grok the names of the directories of the installed ports (which would be a point of unsafeness due to the port numbering/version scheme, which has /var/db/pkg/pkg-1.0.3 and /var/db/pkg/pkg2-2.0.9 which are the same package but different major versions, and we do not want to kill pkg1 when we upgrade pkg2, so filename parsing really gets a little complicated here...)

does this make sense?

/k
--
> Hackers do it with bugs.
KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de
[Key] [KeyID---] [Created-] [Fingerprint-------------------------------------]
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
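An added example (not from the thread or from FreeBSD) of how a tool could consume the proposed PORT UPGRADE INFO block and handle the /var/db/pkg naming problem the message raises. It assumes the caller has already verified the advisory's PGP signature and passes in the verified cleartext; the advisory text and OS version string below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: advisory cleartext as it would read AFTER the PGP
# signature has been verified. The block is the format proposed in the mail.
SAMPLE_ADVISORY = """\
FreeBSD Security Advisory (constructed sample, not a real advisory)

-----BEGIN FREEBSD PORT UPGRADE INFO-----
oldver: bind-8.2.2
newver: bind-8.2.3
repo: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/bind-8.2.3.pkg
notes: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/relnotes.txt
-----END FREEBSD PORT UPGRADE INFO-----
"""

BLOCK_RE = re.compile(
    r"^-----BEGIN FREEBSD PORT UPGRADE INFO-----\n(.*?)"
    r"^-----END FREEBSD PORT UPGRADE INFO-----$",
    re.M | re.S)

def parse_upgrade_info(verified_text, osver):
    """Parse the block out of signature-verified text (assumption: the caller
    checked the signature; the repo URL is only trustworthy because of it)."""
    m = BLOCK_RE.search(verified_text)
    if not m:
        return None
    info = {}
    for line in m.group(1).splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            raise ValueError("malformed line: %r" % line)
        info[key.strip()] = value.strip().replace("@OSVER@", osver)
    for required in ("oldver", "newver", "repo"):
        if required not in info:
            raise ValueError("missing field: " + required)
    return info

def split_pkgname(dirname):
    """Split a /var/db/pkg directory name at the LAST hyphen, so that
    pkg-1.0.3 and pkg2-2.0.9 come out as different package names."""
    name, sep, version = dirname.rpartition("-")
    if not sep or not version or not version[0].isdigit():
        raise ValueError("no version suffix in %r" % dirname)
    return name, version

def installed_matching(info, installed_dirs):
    """Installed directories whose package name equals oldver's name: the
    only candidates an 'uninstall' target should remove."""
    target, _ = split_pkgname(info["oldver"])
    return [d for d in installed_dirs if split_pkgname(d)[0] == target]
```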