Re: Scalable Debian vulnerability tracking [REDUX]
On Tuesday 06 January 2009 23:28:29 Erik Harrison wrote:
> actually, if you do find something that does this, dont publish
> anything. start a company.
No thanks. Just got out of that game and am thoroughly enjoying being
an employee in an organisation that recognizes the value of open source
and encourages contribution. :-)
On Wednesday 07 January 2009 06:39:53 Luis Mondesi wrote:
> Is there anything wrong with using cfengine for this?
Nothing wrong with that. In fact, we'll be using Puppet instead. But
yes, it would certainly be better to just keep up to date with updates
in a near-fully automated fashion.
But we won't be done with that this quarter, and for some time after
we're done, we'll still want to monitor that we're getting it right.
On Wednesday 07 January 2009 02:44:46 Jonas Andradas wrote:
> If you can modify the mail system of each host, you could create an
> exim4 router and transport that will accept mail for a local user
> (let's call it "SecMonitor") which would pipe the output of debsecan
> to a script (be it shell, perl, python or anything you choose).
Interesting. I hadn't considered letting debsecan do the work but
obviating SMTP as the transport protocol.
I'll have a think about whether I like the idea of leaving the work of
the vulnerability resolver up to the client hosts. It opens the door
for decentralized local policy configuration, which is good and
On Wednesday 07 January 2009 00:24:09 R. W. Rodolico wrote:
> I have a package that we have been working on for a while that might
> be a good starting point.
> This is gpl'd, and I would be happy to supply the .deb, the source
> tree or svn access if you would like to look at it.
Suppressing my knee-jerk reaction to PHP, it sounds like you're quite
far down the track with this one. :-)
I'd love to see what you've got, and from the sound of it, at least one
other person on this list would like to see it too. SVN access would
be first prize, but a source tarball might be easier for you to arrange
if you elect to disclose a URL here.
On Wednesday 07 January 2009 01:45:36 Moritz Muehlenhoff wrote:
> We have an extensive HOWTO on how the Debian Security
> Tracker works:
This is gold, thank you. Is there also an explanation of the file
format of the debsecan feeds, though? By debsecan feeds, I mean the
libz-compressed files such as
In particular, I'm still unclear on how to interpret the
unstable_version and other_versions fields.
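As an added illustration of the "SecMonitor" pipe idea from this thread (example code, not anything posted by the participants or shipped with debsecan): a script that could sit at the receiving end of such an exim4 pipe transport, read one mailed report from stdin, attribute it to the sending host, parse the finding lines and keep a per-host inventory. The line format it parses, the host names and the report contents are all constructed for the example; the real debsecan output format is not described on this page, so the regex is an assumption to be adjusted against actual reports. Lines that do not match are kept rather than silently dropped, so a format change on the clients shows up instead of quietly emptying the inventory.

```python
"""Hypothetical stdin target for a mail-fed vulnerability monitor.

Added example, not code from the thread or from debsecan. The report line
format below is ASSUMED; check it against real debsecan output before use.
"""
import sys
from collections import defaultdict
from email import message_from_string, policy
from email.utils import parseaddr
import re

# ASSUMED report line shape:  CVE-YYYY-NNNN <package> (<flag>, <flag>...)
LINE_RE = re.compile(r'^(CVE-\d{4}-\d{4,})\s+(\S+)(?:\s+\((.*)\))?\s*$')


def parse_report(body):
    """Split a report body into findings and lines we could not parse."""
    findings, unparsed = [], []
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            cve, pkg, flags = m.groups()
            flags = tuple(f.strip() for f in flags.split(',')) if flags else ()
            findings.append((cve, pkg, flags))
        else:
            unparsed.append(line)   # keep, never discard: format drift is a signal
    return findings, unparsed


def host_of(msg):
    """Attribute the report to a host; here the From: domain (an assumption)."""
    _, addr = parseaddr(msg.get('From', ''))
    return addr.partition('@')[2] or 'unknown'


def ingest(raw_message, inventory):
    """Parse one RFC 822 message and merge its findings into inventory."""
    msg = message_from_string(raw_message, policy=policy.default)
    host = host_of(msg)
    body = msg.get_body(preferencelist=('plain',))
    text = body.get_content() if body is not None else ''
    findings, unparsed = parse_report(text)
    for cve, pkg, flags in findings:
        inventory[host][(cve, pkg)] = flags
    return host, len(findings), unparsed


def summarize(inventory):
    """Per host: number of open findings and how many are flagged remote."""
    out = {}
    for host, entries in inventory.items():
        remote = sum(1 for fl in entries.values() if 'remotely exploitable' in fl)
        out[host] = {'total': len(entries), 'remote': remote}
    return out


# Constructed sample reports standing in for two hosts' mailed output.
SAMPLE_MAILS = [
"""From: debsecan@web01.example.net
To: SecMonitor@localhost
Subject: Security report

CVE-2008-0001 linux-image-2.6 (remotely exploitable, high urgency)
CVE-2008-0002 openssl (remotely exploitable, medium urgency)
CVE-2008-0003 perl (low urgency)
""",
"""From: debsecan@db01.example.net
To: SecMonitor@localhost
Subject: Security report

CVE-2008-0002 openssl (remotely exploitable, medium urgency)
this line is not a finding
""",
]


def run_sample():
    """Feed the constructed reports through ingest() and return the summary."""
    inventory = defaultdict(dict)
    results = [ingest(m, inventory) for m in SAMPLE_MAILS]
    return summarize(inventory), results


if __name__ == '__main__':
    if sys.stdin.isatty():
        summary, results = run_sample()
    else:
        inv = defaultdict(dict)
        results = [ingest(sys.stdin.read(), inv)]
        summary = summarize(inv)
    for host, counts in summary.items():
        print(f"{host}: {counts['total']} findings, {counts['remote']} remote")
    for host, _, bad in results:
        for line in bad:
            print(f"{host}: unparsed line: {line!r}", file=sys.stderr)
```

Run with no stdin to see the constructed sample; an exim4 pipe transport would invoke it with the full message on stdin. Persisting the inventory (a file or database keyed by host) is left out here, as is any notion of the "resolver" the thread discusses, since the page does not say where that should live.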