
Re: [d-security] script for security update notification

On Fri, May 24, 2002 at 03:54:48PM +0200, Christian Hammers wrote:

> On Fri, May 24, 2002 at 09:41:46AM -0400, Nathan Valentine wrote:
> > 1) Check the Debian security announcement list.
> > 2) Compare new announcements to the local package database.
> > 3) If vulnerable packages installed, send an 'I need updated' email to
> > an address defined by the SysAdmin.
> Another nice approach would be to archive all changelog entries (maybe the
> installer could extract them for you), scan them for tag=security or
> severity=high and build a database of "unwanted" packages that can be
> compared with "dpkg -l" by the admins. This way you could attach the
> relevant changelog entry to your "I need an update" mail.

See the 'harden' packages for similar work (without the changelog bits).

> Even more nice would be an extension to "apt-cache show" that shows all
> changelog entries after the installed version. Could then be used as
> source for your program too, but needs more work as the changelogs would
> have to be distributed alongside the package descriptions, too.

If there were any way to retrieve package changelogs without downloading the
source package or all binary packages, apt-listchanges would already do

I wrote a program to extract changelogs from source packages and place them
in a relational database, and a CGI program to fetch changelogs for an
arbitrary range of versions, but it would have to be run automatically from
katie or such to be useful, and I got no response to inquiries about that.

 - mdz
