Re: [d-security] script for security update notification
On Fri, May 24, 2002 at 03:54:48PM +0200, Christian Hammers wrote:
> On Fri, May 24, 2002 at 09:41:46AM -0400, Nathan Valentine wrote:
> > 1) Check the Debian security announcement list.
> > 2) Compare new announcements to the local package database.
> > 3) If vulnerable packages installed, send an 'I need updated' email to
> > an address defined by the SysAdmin.
> Another nice approach would be to archive all changelog entries (maybe the
> installer could extract them for you), scan them for tag=security or
> severity=high and build a database of "unwanted" packages that can be
> compared with "dpkg -l" by the admins. This way you could attach the
> relevant changelog entry to your "I need an update" mail.
See the 'harden' packages for similar work (without the changelog bits).
> Even more nice would be an extension to "apt-cache show" that shows all
> changelog entries after the installed version. Could then be used as
> source for your program to, but needs more work as the changelogs would
> have to be distributed alongside the package descriptions, too.
If there were any way to retrieve package changelogs without downloading the
source package or all binary packages, apt-listchanges would already do
I wrote a program to extract changelogs from source packages and place them
in a relational database, and a CGI program to fetch changelogs for an
arbitrary range of versions, but it would have to be run automatically from
katie or such to be useful, and I got no response to inquiries about that.
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org