Date:      Wed, 25 Apr 2001 16:48:27 +0200
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        "Andrew R. Reiter" <arr@watson.org>, Rich Morin <rdm@cfcl.com>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: automated checking of Security Advisories
Message-ID:  <20010425164827.I17348@mail.webmonster.de>
In-Reply-To: <20010424122758.A90366@xor.obsecurity.org>; from kris@obsecurity.org on Tue, Apr 24, 2001 at 12:27:58PM -0700
References:  <20010424121130.C89819@xor.obsecurity.org> <Pine.NEB.3.96L.1010424151816.20031B-100000@fledge.watson.org> <20010424122758.A90366@xor.obsecurity.org>

Kris Kennaway(kris@obsecurity.org)@2001.04.24 12:27:58 +0000:
> This is another reason why having a third-party modifying the advisory
> to mark it up into XML is a bad idea; you lose the integrity
> protection from the PGP signature.
taking that as a solid basis for authenticity and integrity of the
advisories, what will the to-be-parsed section look like?

-----BEGIN FREEBSD PORT UPGRADE INFO-----
oldver: bind-8.2.2
newver: bind-8.2.3
repo: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/bind-8.2.3.pkg
notes: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/relnotes.txt
-----END FREEBSD PORT UPGRADE INFO-----

in ports it would also be feasible to create an 'uninstall' target, so
one could (cd /usr/ports && make update) and (cd /usr/ports/net/bind8 &&
make upgrade) where upgrade would be standard target (build I think),
uninstall, reinstall and uninstall would remove the _older_ package, in
this case 8.2.2. any ideas on how to implement this smoothly and safely?

btw, why do the package versions have to be tracked in the directory
name in /var/db/pkg? couldn't we just create a directory
/var/db/pkg/PORTNAME (in this case /var/db/pkg/bind8) and put a VERSION
file in there? automated upgrading would be much easier since we do not
have to grok the names of the directories of the installed ports (which
would be a point of unsafeness due to the port numbering/version scheme
which has /var/db/pkg/pkg-1.0.3 and /var/db/pkg/pkg2-2.0.9 which are the
same package but different major versions and we do not want to kill
pkg1 when we upgrade pkg2, so filename parsing really gets a little
complicated here...)

does this make sense?

/k


-- 
> Hackers do it with bugs.
KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de
[Key] [KeyID---] [Created-] [Fingerprint-------------------------------------]
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46

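As an added example (not code from this thread or from FreeBSD), here is how a consumer of the proposed upgrade-info block could handle it in Python: it accepts the block only from inside the PGP-signed region of a clearsigned advisory, substitutes @OSVER@, and resolves /var/db/pkg entries by splitting on the last dash so pkg-1.0.3 and pkg2-2.0.9 stay distinct. The sample advisory, its placeholder signature and the OSVER value are constructed, and the signature itself is assumed to have been checked by gpg beforehand.

```python
import re
# Constructed sample of a clearsigned advisory carrying the proposed block;
# the signature body is a placeholder, real verification is gpg's job.
SAMPLE_ADVISORY = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----BEGIN FREEBSD PORT UPGRADE INFO-----
oldver: bind-8.2.2
newver: bind-8.2.3
repo: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/bind-8.2.3.pkg
notes: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/relnotes.txt
-----END FREEBSD PORT UPGRADE INFO-----
-----BEGIN PGP SIGNATURE-----
<placeholder signature>
-----END PGP SIGNATURE-----
"""
FIELDS = {"oldver", "newver", "repo", "notes"}
SIGNED_RE = re.compile(r"-----BEGIN PGP SIGNED MESSAGE-----\n.*?\n\n(.*?)"
                       r"-----BEGIN PGP SIGNATURE-----", re.S)
BLOCK_RE = re.compile(r"-----BEGIN FREEBSD PORT UPGRADE INFO-----\n(.*?)"
                      r"-----END FREEBSD PORT UPGRADE INFO-----", re.S)

def parse_upgrade_info(text, osver):
    """Return the block as a dict, or None if absent, malformed or unsigned.
    Assumes gpg already verified the clearsigned text; this only checks that
    the block lies inside the signed region, so anything appended after the
    signature (which the signature does not cover) is never acted on."""
    signed = SIGNED_RE.search(text)
    # undo clearsign dash-escaping ("- " before lines starting with "-")
    block = BLOCK_RE.search(re.sub(r"(?m)^- ", "", signed.group(1))) if signed else None
    if not block:
        return None
    info = {}
    for line in block.group(1).splitlines():
        key, sep, val = line.partition(":")
        if not sep or key.strip() not in FIELDS:
            return None  # unknown or malformed field: refuse, don't guess
        info[key.strip()] = val.strip().replace("@OSVER@", osver)
    return info if info.keys() == FIELDS else None

def split_pkg(entry):
    """Split a /var/db/pkg entry such as 'pkg2-2.0.9' into (name, version);
    splitting on the LAST dash keeps pkg-1.0.3 and pkg2-2.0.9 distinct."""
    name, _, ver = entry.rsplit("/", 1)[-1].rpartition("-")
    return name, ver

def installed_to_remove(installed, oldver):
    """Only the entry whose name AND version equal oldver may be uninstalled."""
    return [e for e in installed if split_pkg(e) == split_pkg(oldver)]
```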



