From: Rich Morin
To: freebsd-hackers@FreeBSD.ORG
Date: Tue, 24 Apr 2001 04:00:20 -0700
Subject: Re: automated checking of Security Advisories
In-Reply-To: <200104240743.f3O7h2809740@harmony.village.org>

A private note inquired:

>> Then, a Perl script on the local machine could look up the
>> advisories, run the tests, and report the results
>
>What exactly does this buy me, other than additional delays,
>over what I get now?

Nothing in this proposal would supplant the advisories for those
who prefer to get them directly.  Thus, no delay need be involved.
OTOH, a script can perform an automated check for all current
advisories, in the context of the local system configuration.  This
could save a lot of manual checking, head-scratching, etc.

At 1:43 AM -0600 4/24/01, Warner Losh wrote:
>As near as I can tell, NetBSD's /usr/pkgsrc stuff has this already.
>It would be cool if someone would port that to /usr/ports.

The client script needs two kinds of information:

  *  criteria that allow checking for the existence of a problem
     (e.g., which package(s) must be present and enabled, in which
     version(s), to allow the problem to manifest itself)

     The problem may only be relevant for particular versions of
     the base system, or even for certain combinations of a given
     base system with a given set of packages.  Thus, the criteria
     must detail everything that the script needs to check.

  *  local information against which the criteria can be checked
     (e.g., which packages are present and enabled, in which versions)

     The local system must supply (either explicitly or implicitly)
     enough information to allow a script to check the criteria.

If /usr/pkgsrc supplies better local information for packages, that
makes the script's job easier, but criteria are still needed.

The current advisories are enough to allow a sysadmin to look at
files, think about things, and make a determination.  They aren't
enough for a (simple :-) script to go by, however.

This is somewhat analogous to the difference between a package's
README file and the Ports Makefile for the same package.  The first
is a human-readable description; the second is a machine-interpretable
recipe.

-r
--
http://www.cfcl.com/rdm - home page, resume, etc.
http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser
email: rdm@cfcl.com; phone: +1 650-873-7841
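
The two kinds of information described in the message, machine-readable criteria and local package information, as an added example that is not part of the original message or of any FreeBSD tool. The advisory IDs, package names, record layout and the "name-version" listing are all constructed assumptions, and the check covers presence, version and base release only, not whether a package is enabled.

```python
import re

# Constructed advisory criteria (hypothetical IDs and packages, not real advisories).
# "base" limits a criterion to certain base system releases; None means any release.
ADVISORIES = [
    {"id": "EXAMPLE-SA-01", "package": "exampled", "fixed_in": "2.4.1", "base": None},
    {"id": "EXAMPLE-SA-02", "package": "samplelib", "fixed_in": "1.0.5", "base": {"4.2-RELEASE"}},
    {"id": "EXAMPLE-SA-03", "package": "demo-tool", "fixed_in": "3.0", "base": None},
]

# Constructed local information, in the "name-version" form a package database lists.
INSTALLED = ["exampled-2.3.9", "samplelib-1.0.2", "demo-tool-3.1_2", "unrelated-0.9"]


def version_key(version):
    """Turn '2.3.9' or '3.1_2' into a tuple of integers (a simplified ordering)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def parse_installed(lines):
    """Split each 'name-version' entry at the last hyphen."""
    packages = {}
    for line in lines:
        name, _, version = line.strip().rpartition("-")
        if name:
            packages[name] = version
    return packages


def check(advisories, installed_lines, base_release):
    """Return (advisory id, package, installed version) for every criterion met."""
    packages = parse_installed(installed_lines)
    hits = []
    for adv in advisories:
        if adv["base"] is not None and base_release not in adv["base"]:
            continue  # criterion applies only to other base system versions
        version = packages.get(adv["package"])
        if version is None:
            continue  # package not present, so the problem cannot manifest
        if version_key(version) < version_key(adv["fixed_in"]):
            hits.append((adv["id"], adv["package"], version))
    return hits


if __name__ == "__main__":
    for hit in check(ADVISORIES, INSTALLED, "4.3-RELEASE"):
        print("%s affects %s-%s" % hit)
```
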