Date: Fri, 15 Dec 2000 20:09:57 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Some Person <ntvsunix@hotmail.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Security Update Tool.. Message-ID: <20001215200957.A10030@citusc.usc.edu> In-Reply-To: <F184Mum03yMJiQTyfPe00000f1e@hotmail.com>; from ntvsunix@hotmail.com on Sat, Dec 16, 2000 at 12:16:29AM %2B0000 References: <F184Mum03yMJiQTyfPe00000f1e@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Dxnq1zWXvFF0Q93v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Dec 16, 2000 at 12:16:29AM +0000, Some Person wrote: > My question is, is there a util yet that in theory (maybe if so, or if=20 > someone writes one would work differently than what I'm imagining) querie= s a=20 > central database with all the security advisories, checks the local syste= m=20 > for comparisons and vulnerabilities against that database and reports to = the=20 > user who ran the util. Not at present - I was talking to someone a few months ago about doing exactly this: the existing security advisories we publish contain all of the information you need to implement such a thing (at least for ports), although we'd probably need to structure them more rigidly so they can be machine-parsed. However nothing concrete has materialised yet, so there's still plenty of room for interested contributors to step up and help :-) Note that identification of vulnerabilities is different from automated correction of vulnerabilities - in order to do that it needs some fairly complicated infrastructure in the ports system to upgrade ports/packages and handle dependencies etc. Not that I want to dissuade anyone from working on this very worthy project :-) Kris --Dxnq1zWXvFF0Q93v Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6OusRWry0BWjoQKURAkssAKC2aH4/AVM32jSAhv01iQS8fOYP1gCg27a6 EywiLz/klv4eZ5uK5s6g/eU= =rpuO -----END PGP SIGNATURE----- --Dxnq1zWXvFF0Q93v-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001215200957.A10030>