Date:      Tue, 24 Apr 2001 04:00:20 -0700
From:      Rich Morin <rdm@cfcl.com>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: automated checking of Security Advisories
Message-ID:  <p05001910b70b07f09caf@[192.168.168.205]>
In-Reply-To: <200104240743.f3O7h2809740@harmony.village.org>
References:  <p0500190bb70abb629b4c@[192.168.168.205]> <200104240743.f3O7h2809740@harmony.village.org>

A private note inquired:
>>  Then, a Perl script on the local machine could look up the
>>  advisories, run the tests, and report the results
>
>What exactly does this buy me, other than additional delays,
>over what I get now?

Nothing in this proposal would supplant the advisories for those who
prefer to get them directly.  Thus, no delay need be involved.  OTOH,
a script can perform an automated check for all current advisories,
in the context of the local system configuration.  This could save a
lot of manual checking, head-scratching, etc.

At 1:43 AM -0600 4/24/01, Warner Losh wrote:
>As near as I can tell, NetBSD's /usr/pkgsrc stuff has this already.
>It would be cool if someone would port that to /usr/ports.

The client script needs two kinds of information:

   *  criteria that allow checking for the existence of a problem
      (e.g., which package(s) must be present and enabled, in which
       version(s), to allow the problem to manifest itself)

      The problem may only be relevant for particular versions of the
      base system, or even for certain combinations of a given base
      system with a given set of packages.  Thus, the criteria must
      detail everything that the script needs to check.

   *  local information against which the criteria can be checked
      (e.g., which packages are present and enabled, in which versions)

      The local system must supply (either explicitly or implicitly)
      enough information to allow a script to check the criteria.  If
      /usr/pkgsrc supplies better local information for packages, that
      makes the script's job easier, but criteria are still needed.

The current advisories are enough to allow a sysadmin to look at files,
think about things, and make a determination.  They aren't enough for
a (simple :-) script to go by, however.  This is somewhat analogous to
the difference between a package's README file and the Ports Makefile
for the same package.  The first is a human-readable description; the
second is a machine-interpretable recipe.

-r

-- 
http://www.cfcl.com/rdm - home page, resume, etc.
http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser
email: rdm@cfcl.com; phone: +1 650-873-7841
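
The two kinds of information described in the message above (advisory criteria and local system information), as an added example that is not part of the original post. The criteria format, advisory ids, package names and versions are all hypothetical and constructed for illustration; version strings are assumed to be dotted numbers.

```python
import re

def vkey(version):
    """Numeric sort key: '2.6.0' -> (2, 6); trailing zeros dropped so 4.0 == 4."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def in_range(version, lo, hi):
    """True when lo <= version < hi; None leaves that end open."""
    v = vkey(version)
    return (lo is None or v >= vkey(lo)) and (hi is None or v < vkey(hi))

def applies(adv, local):
    """Every criterion present in the advisory must hold on the local system."""
    if "base" in adv and not in_range(local["base"], *adv["base"]):
        return False
    for name, (lo, hi) in adv.get("packages", {}).items():
        installed = local["packages"].get(name)
        if installed is None or not in_range(installed, lo, hi):
            return False
    return all(svc in local["enabled"] for svc in adv.get("enabled", []))

def check_all(advisories, local):
    """Return the ids of all advisories whose criteria match this system."""
    return [adv["id"] for adv in advisories if applies(adv, local)]

# Constructed local information (a real script would gather it from the system).
LOCAL = {
    "base": "4.2",
    "packages": {"exampled": "2.6.0", "examplelib": "1.4.2"},
    "enabled": {"exampled"},
}

# Constructed criteria in a hypothetical machine-readable advisory format.
ADVISORIES = [
    {"id": "EXAMPLE-01", "packages": {"exampled": (None, "2.6.1")}, "enabled": ["exampled"]},
    {"id": "EXAMPLE-02", "base": ("4.0", "4.2")},
    {"id": "EXAMPLE-03", "base": ("4.0", "4.3"), "packages": {"examplelib": ("1.4", "1.5")}},
    {"id": "EXAMPLE-04", "packages": {"otherpkg": (None, None)}},
    {"id": "EXAMPLE-05", "packages": {"examplelib": (None, None)}, "enabled": ["examplelibd"]},
]

if __name__ == "__main__":
    for adv_id in check_all(ADVISORIES, LOCAL):
        print("affected by", adv_id)
```

EXAMPLE-03 is the combined case the message mentions (a given base system together with a given package), and EXAMPLE-05 shows a package that is present but not enabled, so the advisory does not apply.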
