On Sun, Dec 14, 2008 at 10:11:23PM +0100, Florian Weimer wrote: > > I think debian should do all that it can to avoid lag in security > > updates, and that means getting the word out about the problem as soon > > as possible (not addressed here) as well as getting word out when a > > solution has been found asap (this suggestion addresses this problem). > > It would help if we were able automatically extract diffs from the > source RPMs published by other distributions. This is something that > should be scriptable, but it's not really trivial, either. I've been working on a tool to map binary package names across distributions: http://enricozini.org/2011/debian/distromatch/ and it can be queried at http://dde.debian.net/dde/q/distromatch/match/ or at http://dde.debian.net/distromatch-frontend.html or just deployed as a command line tool: http://www.enricozini.org/2011/debian/distromatch-deploy/ The results aren't so good at the moment because the data export from the rpm world is temporarily down, but I've just come back from Fosdem with a list of contacts for many distributions, and I'm going to follow them up so we should have reliable data exports and fine tuning from as many as possible. At the moment it matches binary package names, but if source package matching is needed it can be done, as the information is currently there. (I don't mean to propose distromatch as a solution to this issue, just it looks like it may be relevant here) Ciao, Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: Digital signature