Date: Wed, 25 Apr 2001 19:47:19 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Mike Silbersack <silby@silby.com>
Cc: Kris Kennaway <kris@obsecurity.org>, "Andrew R. Reiter" <arr@watson.org>, Rich Morin <rdm@cfcl.com>, freebsd-hackers@FreeBSD.ORG
Subject: Re: automated checking of Security Advisories
Message-ID: <20010425194719.A39540@mail.webmonster.de>
In-Reply-To: <Pine.BSF.4.31.0104251221180.7028-100000@achilles.silby.com>; from silby@silby.com on Wed, Apr 25, 2001 at 12:24:47PM -0500
References: <20010425164827.I17348@mail.webmonster.de> <Pine.BSF.4.31.0104251221180.7028-100000@achilles.silby.com>
Mike Silbersack(silby@silby.com)@2001.04.25 12:24:47 +0000:
>
> On Wed, 25 Apr 2001, Karsten W. Rohrbach wrote:
>
> > oldver: bind-8.2.2
> > newver: bind-8.2.3
>
> If we're going to flag insecure versions, I think a better way would be to
> list "minimum version", which would indicate the lowest numbered version
> you can safely run. This could also be incorporated into the Makefile for
> each port so that pkg_version could issue alerts even before security
> advisories are issued (or after, if you missed some advisories.)

oldver was meant to be the latest version containing the bug the SA is
about. When I think about it, there should be a field for the urgency of
the patch, since some bugs are not as serious as other ones. Based on that
scheme one could put up a periodic check script which sends messages above
some urgency level to a centralized administrative email account. I think
this is something admins of bigger server farms would like to have.

> Of course, there's the issue of bind 8.x.x versus 9.x.x. I'm not sure how
> to resolve what minimum version would refer to.

bind8 and bind9 are different ports. Package tracking has to flag them
correctly when installing the port/package as /var/db/pkg/bind8 and
/var/db/pkg/bind9. I assume that it would make more sense to put the
version number (like I described in the original post) in
/var/db/pkg/somepackage/VERSION so it is easier for the port management
tools to track versioning, because of the really hairy directory parsing
someone would have to implement.

> Mike "Silby" Silbersack
> --
> CS Students do it in the pool.

KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de
[Key] [KeyID---] [Created-] [Fingerprint-------------------------------------]
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
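The thread sketches two pieces of an automated advisory checker: a per-port "minimum safe version" plus an urgency field, and a periodic script that reports only findings above some urgency level. The following is an added example (not code from this thread, from FreeBSD, or from pkg_version) that puts both ideas together. The advisory record format (port name, minimum version, urgency) and the installed-package list are constructed for the example and are not the real advisory or pkg_info formats; the version comparison is a simple numeric-then-alphabetic split, not the FreeBSD ports comparison rules. Matching is by full port name, so bind8 and bind9 are treated as the separate ports the reply says they are.

```python
"""Toy advisory checker (example code, not a FreeBSD tool).

Compares installed package versions against per-port minimum safe versions
and reports those below the minimum whose urgency meets a threshold.
"""
import re
from typing import Dict, List, Tuple

# Constructed advisory records: "<port> <minimum safe version> <urgency 1-5>".
ADVISORIES = """\
# port   minver    urgency
bind8    8.2.3     5
bind9    9.1.1     3
sudo     1.6.3.7   4
lynx     2.8.4     2
"""

# Constructed "installed packages" list in name-version form, one per line.
INSTALLED = """\
bind8-8.2.2
bind9-9.1.1
sudo-1.6.3.6
lynx-2.8.3
zsh-4.0.1
"""


def version_key(version: str) -> Tuple:
    """Turn a version string into a tuple that compares sensibly.

    Numeric runs compare as integers (so 8.2.10 > 8.2.3) and alphabetic
    runs compare as strings; a longer version with an equal prefix sorts
    later (8.2.3p1 > 8.2.3).  This is a simplification, not the ports rule.
    """
    key = []
    for part in re.findall(r"\d+|[A-Za-z]+", version):
        if part.isdigit():
            key.append((0, int(part), ""))
        else:
            key.append((1, 0, part))
    return tuple(key)


def split_pkg(pkg: str) -> Tuple[str, str]:
    """Split 'name-1.2.3' into ('name', '1.2.3').

    The version starts at the last hyphen, because port names may
    themselves contain hyphens.
    """
    name, _, ver = pkg.rpartition("-")
    return name, ver


def parse_advisories(text: str) -> Dict[str, Tuple[str, int]]:
    """Parse the constructed advisory format into {port: (minver, urgency)}."""
    out = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, minver, urgency = line.split()
        out[name] = (minver, int(urgency))
    return out


def check(installed_text: str, advisory_text: str,
          min_urgency: int) -> List[Tuple[str, str, str, int]]:
    """Return (port, installed, minimum, urgency) for every installed package
    that is below its advisory's minimum version and whose urgency is at
    least min_urgency.  Ports with no advisory are ignored."""
    advisories = parse_advisories(advisory_text)
    hits = []
    for pkg in installed_text.split():
        name, ver = split_pkg(pkg)
        if name not in advisories:
            continue
        minver, urgency = advisories[name]
        if version_key(ver) < version_key(minver) and urgency >= min_urgency:
            hits.append((name, ver, minver, urgency))
    return hits


if __name__ == "__main__":
    # A periodic job would mail this output instead of printing it.
    for name, ver, minver, urg in check(INSTALLED, ADVISORIES, 3):
        print(f"{name}: installed {ver} < minimum {minver} (urgency {urg})")
```

With the threshold set to 3, the run reports bind8 and sudo but not lynx (urgency 2) and not bind9, whose installed version already meets its minimum; lowering the threshold to 1 brings lynx into the report. The threshold is what lets a larger site route only the serious findings to a central mailbox, as the reply suggests.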