
Re: remove xview?



Paul Wise <pabs@debian.org> wrote:
> On Jan 15, 2008 6:29 AM, Jack T Mudge III <jakykong@theanythingbox.com> wrote:
>
>>  Sometimes I wish there were a security warning system in dpkg. Say, a user
>> loads up Synaptic (or Adept, depending), and when they try to install a
>> dangerous package -- maybe a server that opens ports by default -- they get a
>> textual warning summarizing the problems, and pointing them to more
>> information (/usr/share/doc/pkg_name/SECURITY, perhaps?).
>
> There is debsecan, which looks up information from here:
>
> http://security-tracker.debian.net/
>
> It doesn't seem to offer integration with dpkg or apt yet.
>
> It produces a daily mail about which vulnerabilities exist on your
> system, which have been fixed and which packages have new
> vulnerabilities.

Yes, but it only tracks known vulnerabilities. But what we really need
(and what Jack seems to have suggested) is a general warning to
indicate that this package is a fringe package and might contain
serious bugs since no one except the author has read the source code,
or that it is unsupported security-wise (we'll need to revoke security
support for firebird 1.5 inside Etch, e.g.).

Actually, it's been planned to add debtags for that. Enrico Zini
has also made a prototype implementation [1], but we haven't been
able to push it further, unfortunately (since regular security triage
sucks away all the available time recently). If someone wants to
drive this further, so that it's available in Lenny, please get in
contact with me and I'll outline what's necessary. After all it's
a QA aspect as well.

[1] See the thread "New 'maint' facet for Debtags" in debian-devel

Cheers,
        Moritz
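An added example, not part of this mail and not code from debsecan or debtags, of the kind of pre-install warning Jack describes, driven by debtags rather than by a known-vulnerability list. It parses "apt-cache show"-style control stanzas, expands the compact "facet::{a,b}" form that the Tag: field uses, and prints a warning for packages carrying tags from a small policy list. The network::server tag is from the real debtags vocabulary; the maint:: tags are hypothetical stand-ins for whatever the proposed "maint" facet would carry, and the two sample stanzas are constructed.

```python
"""Pre-install warning driven by debtags (added example, not a Debian tool).

Parses control stanzas as printed by 'apt-cache show', extracts the Tag:
field and warns when a package carries a tag listed in WARN_TAGS.
The maint:: tags below are hypothetical; the sample stanzas are constructed.
"""
import re
import sys

# Policy: debtag -> warning text. network::server is a real debtags tag;
# the maint:: entries are assumed names for a security-support facet.
WARN_TAGS = {
    "network::server": "listens on the network (check which ports open by default)",
    "maint::no-security-support": "no security support from the Debian security team",
    "maint::fringe": "fringe package, few reviewers beyond the author",
}

# A tag is facet::name, or the compact facet::{name1,name2} group form.
TAG_RE = re.compile(r"([\w-]+)::(?:\{([^}]*)\}|([\w:+.-]+))")


def parse_stanzas(text):
    """Split RFC822-style control text into one dict per package stanza.

    Stanzas are separated by blank lines; a line starting with whitespace
    continues the previous field's value.
    """
    stanzas, current, last_field = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
                current, last_field = {}, None
            continue
        if line[0] in " \t" and last_field:
            current[last_field] += " " + line.strip()
            continue
        field, _, value = line.partition(":")
        last_field = field.strip()
        current[last_field] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def tags_of(stanza):
    """Return the set of expanded facet::tag entries from a stanza's Tag: field."""
    tags = set()
    for facet, group, single in TAG_RE.findall(stanza.get("Tag", "")):
        names = group.split(",") if group else [single]
        for name in names:
            name = name.strip()
            if name:
                tags.add(f"{facet}::{name}")
    return tags


def security_warnings(stanza):
    """Return warning strings for one package; empty list if nothing matches."""
    pkg = stanza.get("Package", "?")
    hits = sorted(tags_of(stanza) & set(WARN_TAGS))
    return [f"{pkg}: {WARN_TAGS[tag]} [{tag}]" for tag in hits]


def check(text):
    """Map package name -> list of warnings for every stanza in text."""
    return {s.get("Package", "?"): security_warnings(s) for s in parse_stanzas(text)}


# Constructed sample input, shaped like 'apt-cache show' output.
SAMPLE = """\
Package: example-httpd
Version: 1.0-1
Tag: implemented-in::c, interface::daemon, network::{server,service},
 role::program, maint::no-security-support

Package: example-tool
Version: 2.3-1
Tag: implemented-in::python, role::program, interface::commandline
"""

if __name__ == "__main__":
    # Pipe 'apt-cache show <pkg>' into this script, or run it on SAMPLE.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for pkg, warnings in check(text).items():
        for line in warnings:
            print("WARNING:", line)
        if not warnings:
            print(f"{pkg}: no warning tags")
```

Run as "apt-cache show somepkg | python3 debtag_warn.py" on a system with debtags data in its Packages files; the brace expansion matters because a naive split on commas would turn "network::{server,service}" into two broken tokens and miss the server tag entirely.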