Hi,
I had an idea the security tracker folks might like to turn into a
GSoC/Outreachy project, hoping one of you would be willing to take on
mentoring for it. I've written up the idea here:
https://wiki.debian.org/SummerOfCode2015/ProjectProposals/SecurityTrackerCheckExternal
I would structure it such that there is a config file containing data
sources and Python code that can deal with common data source types.
Here are some data sources and other info as an example of that:
[redhat]
type = cve
year = 1999-now
download = https://www.redhat.com/security/data/cve/cve-{year}.html
url = https://access.redhat.com/security/cve/{cve}
[mitre]
type = cve
vendor = SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU
download = https://cve.mitre.org/data/refs/refmap/source-{vendor}.html
url = https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve}
[gnutls]
type = id
download = http://www.gnutls.org/security.html
url = http://www.gnutls.org/security.html#{id}
id-match = GNUTLS-SA-[0-9]{4,}-[0-9]+
[drupal-core]
type = id
download = https://www.drupal.org/security
url = https://www.drupal.org/{id}
id-match = SA-CORE-[0-9]{4,}-[0-9]+
prefix = DRUPAL-
[drupal-contrib]
type = url
download = https://www.drupal.org/security
id-match = SA-CONTRIB-[0-9]{4,}-[0-9]+
prefix = DRUPAL-
[nodesecurity]
type = url
download = https://nodesecurity.io/advisories
href-match = /advisories/[a-z_]+
link = download
[redmine]
type = diff-text
download = https://www.redmine.org/projects/redmine/wiki/Security_Advisories
[jvn]
type = id
download = https://jvn.jp/en/jp/all.html
id-match = JVN#[0-9A-F]{8,}
url = https://jvn.jp/en/jp/{id}/
[lwn]
type = ?
download = ?
text-match = [Ss]ecurity.(updates|advisories)
--
bye,
pabs
https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part