From owner-freebsd-hackers Mon Apr 23 22:29:40 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from idiom.com (idiom.com [216.240.32.1]) by hub.freebsd.org (Postfix) with ESMTP id 1AB7937B422 for ; Mon, 23 Apr 2001 22:29:38 -0700 (PDT) (envelope-from rdm@cfcl.com) Received: from cfcl.com (cpe-24-221-169-54.ca.sprintbbd.net [24.221.169.54]) by idiom.com (8.9.3/8.9.3) with ESMTP id WAA13483 for ; Mon, 23 Apr 2001 22:29:37 -0700 (PDT) Received: from [192.168.168.205] (cerberus [192.168.168.205]) by cfcl.com (8.11.1/8.11.1) with ESMTP id f3O5UmV48968 for ; Mon, 23 Apr 2001 22:30:48 -0700 (PDT) (envelope-from rdm@cfcl.com) Mime-Version: 1.0 Message-Id: Date: Mon, 23 Apr 2001 22:27:22 -0700 To: freebsd-hackers@FreeBSD.ORG From: Rich Morin Subject: automated checking of Security Advisories Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have a partly-baked idea regarding the security advisories that I see on freebsd-announce. While I applaud the intent of these notices, I wonder if some sort of automation might not make them a bit more useful. Let's say we encoded the advisories in XML and put them up for HTTP access, encoding the version characterization information (e.g., Affects) in some mechanically-usable fashion. Then, a Perl script on the local machine could look up the advisories, run the tests, and report the results, all without compromising the privacy of the local system. I am quite willing to write a first cut at the client code, but I think I need to get some buy-in from the folks who are generating the advisories. Specifically, I need version characterization data in a form which can be reliably used by an automated script. Is this generally a feasible thing to provide? If so, the rest seems pretty simple. I can read the advisories as they come in over email, parse them and munge them into XML (with a bit of hand-work, if need be) and put them up for general access. -r -- http://www.cfcl.com/rdm - home page, resume, etc. http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser email: rdm@cfcl.com; phone: +1 650-873-7841 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message