From owner-freebsd-hackers Wed Apr 25 10:47:19 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail.webmonster.de (datasink.webmonster.de [194.162.162.209]) by hub.freebsd.org (Postfix) with ESMTP id A879037B423 for ; Wed, 25 Apr 2001 10:47:15 -0700 (PDT) (envelope-from karsten@rohrbach.de)
Received: (qmail 39840 invoked by uid 1000); 25 Apr 2001 17:47:19 -0000
Date: Wed, 25 Apr 2001 19:47:19 +0200
From: "Karsten W. Rohrbach"
To: Mike Silbersack
Cc: Kris Kennaway, "Andrew R. Reiter", Rich Morin, freebsd-hackers@FreeBSD.ORG
Subject: Re: automated checking of Security Advisories
Message-ID: <20010425194719.A39540@mail.webmonster.de>
Mail-Followup-To: "Karsten W. Rohrbach", Mike Silbersack, Kris Kennaway, "Andrew R. Reiter", Rich Morin, freebsd-hackers@FreeBSD.ORG
References: <20010425164827.I17348@mail.webmonster.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from silby@silby.com on Wed, Apr 25, 2001 at 12:24:47PM -0500
X-Arbitrary-Number-Of-The-Day: 42
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mike Silbersack(silby@silby.com)@2001.04.25 12:24:47 +0000:
>
> On Wed, 25 Apr 2001, Karsten W. Rohrbach wrote:
>
> > oldver: bind-8.2.2
> > newver: bind-8.2.3
>
> If we're going to flag insecure versions, I think a better way would be to
> list "minimum version", which would indicate the lowest numbered version
> you can safely run. This could also be incorporated into the Makefile for
> each port so that pkg_version could issue alerts even before security
> advisories are issued (or after, if you missed some advisories.)

oldver was meant to be the latest version containing the bug the SA is about. When I think about it, there should be a field for the urgency of the patch, since some bugs are not as serious as other ones.

Based on that scheme one could put up a periodic check script which sends messages above some urgency level to a centralized administrative email account. I think this is something admins of bigger server farms would like to have.

> Of course, there's the issue of bind 8.x.x versus 9.x.x. I'm not sure how
> to resolve what minimum version would refer to.

bind8 and bind9 are different ports. Package tracking has to flag them correctly when installing the port/package as /var/db/pkg/bind8 and /var/db/pkg/bind9. I assume that it would make more sense to put the version number (like I described in the original post) in /var/db/pkg/somepackage/VERSION, so it is easier for the port management tools to track versioning, because of the really hairy directory parsing someone would have to implement.

> Mike "Silby" Silbersack
> --
> CS Students do it in the pool.

KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de
[Key] [KeyID---] [Created-] [Fingerprint-------------------------------------]
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
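The periodic check the message sketches, written out as an added example; it is not code from this thread, from pkg_version or from any FreeBSD tool. The advisory record layout (name|oldver|newver|urgency), the three urgency words, the installed-package list and the plain numeric dotted-version comparison are all assumptions made for the example; a real script would read /var/db/pkg/<name>/VERSION or pkg_info output instead of the constructed list, and newver plays the role of the "minimum version" proposed in the quoted reply.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD: a periodic-style
# check that compares installed packages against advisory records carrying
# oldver/newver/urgency fields and reports only those at or above a threshold.

# Constructed advisory records (assumed format: name|oldver|newver|urgency).
# oldver is the last version containing the bug; newver is the lowest version
# that is safe to run, i.e. the "minimum version" proposed in the thread.
ADVISORIES='bind8|8.2.2|8.2.3|high
openssh|2.3.0|2.9|medium
zlib|1.1.3|1.1.4|low'

# Constructed list of installed packages as name-version strings. A real
# deployment would read /var/db/pkg/<name>/VERSION or pkg_info output instead.
INSTALLED='bind8-8.2.2
openssh-2.9
zlib-1.1.3'

# Map an urgency word to a number so a threshold can be applied; unknown
# words map to 0 and are never reported.
urgency_level() {
    case "$1" in
        low)    echo 1 ;;
        medium) echo 2 ;;
        high)   echo 3 ;;
        *)      echo 0 ;;
    esac
}

# Compare two dotted version strings numerically, component by component.
# Prints lt, eq or gt; a missing component counts as 0 (so 8.2 < 8.2.3).
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        [ -n "$ai" ] || ai=0
        [ -n "$bi" ] || bi=0
        if [ "$ai" -lt "$bi" ]; then echo lt; return; fi
        if [ "$ai" -gt "$bi" ]; then echo gt; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo eq
}

# Print the installed version of a package name, or fail if it is not
# installed. bind8 and bind9 are distinct names, so they never collide.
installed_version() {
    for pkg in $INSTALLED; do
        case $pkg in
            "$1"-*) echo "${pkg#"$1"-}"; return 0 ;;
        esac
    done
    return 1
}

# Report every installed package that is older than newver and whose
# advisory urgency is at or above the given threshold word.
check_advisories() {
    threshold=$(urgency_level "$1")
    printf '%s\n' "$ADVISORIES" | while IFS='|' read -r name oldver newver urg; do
        inst=$(installed_version "$name") || continue    # not installed
        [ "$(urgency_level "$urg")" -ge "$threshold" ] || continue
        if [ "$(vercmp "$inst" "$newver")" = lt ]; then
            echo "$name-$inst is vulnerable: upgrade to $name-$newver (urgency: $urg)"
        fi
    done
}

# Stand-alone use: report at the medium level and above; a cron job would
# pipe this output into mail to the central administrative account.
check_advisories "${1:-medium}"
```

Run with no argument to report medium and high advisories, or with `low` to see everything; with the constructed data only bind8 is reported at the default level, because openssh is already at its minimum version and the zlib advisory falls below the threshold.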