Re: Debian 3.0r1

To: Debian Development <debian-devel@lists.debian.org>
Cc: Brian May <bam@debian.org>
Subject: Re: Debian 3.0r1
From: Simon Law <sfllaw@uwaterloo.ca>
Date: Thu, 8 Aug 2002 01:15:33 -0400
Message-id: <[🔎] 20020808051533.GW6982@engmail.uwaterloo.ca>
Mail-followup-to: Debian Development <debian-devel@lists.debian.org>, Brian May <bam@debian.org>
In-reply-to: <[🔎] 20020808015543.GB313@snoopy.apana.org.au>
References: <20020725180702.GC12477@finlandia.infodrom.north.de> <20020725233548.GB23566@snoopy.apana.org.au> <1027674138.1130.8.camel@atlas> <20020727020750.GG15410@snoopy.apana.org.au> <20020729180311.GD9737@finlandia.infodrom.north.de> <20020729232427.GB11012@snoopy.apana.org.au> <20020730075731.GA10004@finlandia.infodrom.north.de> <20020731012119.GD30485@snoopy.apana.org.au> <20020731032141.GB23126@azure.humbug.org.au> <[🔎] 20020808015543.GB313@snoopy.apana.org.au>

On Thu, Aug 08, 2002 at 11:55:43AM +1000, Brian May wrote:
> On Wed, Jul 31, 2002 at 01:21:41PM +1000, Anthony Towns wrote:
> > You're talking about updates to security-related software: virus checkers,
> > scriptkiddie checkers, and the like. (Actually, to digress, are there
> > actually packages of this nature that work well?) The properties of that
> > sort of software is probably:
> > 
> > 	* when it gets out of date, it becomes substantially less usefull:
> > 	  a transparent web filter that's a few weeks old sucks when a new
> > 	  CodeRed type thing comes out; likewise an email virus checker
> > 	  that doesn't cope with the latest variant in .jpeg viruses
> > 
> > 	* "updates" often involve significant rewrites of code,
> > 	  rather than just changing a datafile, which could cause security
> > 	  problems of its own, and doesn't match the "backports only"
> > 	  policy for stable
> 
> ...what do we call these updates?
> 
> I think we need a formal name to prevent further confusion.

	May I suggest that these packages be called "recipe packages"
and the updates to them would be called "recipe updates."  You could
also s/recipe/rules/ if you hate that extra syllable.

	It seems to me that these packages would benefit from having a
recipes.debian.org which would export stable and unstable apt
repositories to the most recent recipes for various scanner and
detection packages.  As well, it could list yummy recipes for humans
consumption.  (But I only suggest this because it is late at night, and
I am susceptable to puns at this hour.)

	You'd probably want to rule such that packages uploaded to
recipes.d.o be of the form: snort-recipes_20030101_arch.deb and prohibit
anything that isn't a recipe.  I'd also wager that you'd want it outside
the US, as IIRC Nessus has such interesting (executable) plugins that it
uses when doing vulnerability scanning, these can be packaged in
something like nessus-recipes_20030101_i386.deb which can supercede the
current nessus-plugins package.

	Comments?

Simon

Reply to:

References:
- Re: Debian 3.0r1
  - From: Brian May <bam@debian.org>

Prev by Date: Re: attn: glut dependers
Next by Date: Re: Bug#155626: ITP: exiscan -- An email virus scanner for the exim MTA
Previous by thread: Re: Debian 3.0r1
Next by thread: attn: glut dependers
Index(es):
- Date
- Thread