[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2134-1] Upcoming changes in advisory format


On Sat Dec 18, 2010 at 16:47:47 -0800, Vagrant Cascadian wrote:
> On Sat, Dec 18, 2010 at 01:08:07PM +0100, Moritz Muehlenhoff wrote:
> > Traditionally Debian security advisories have included MD5 check sums
> > of the updated packages. This was introduced at a time when apt didn't
> > exist yet and BIND was at version 4.
> > 
> > Since apt cryptographically enforces the integrity of the archive for
> > quite some time now, we've decided to finally drop the hash values
> > from our advisory mails.
> thanks for all your work on the security team!  i'm glad to hear this! 
> > We'll also change some details of the advisory format in the upcoming
> > months.
> i'm curious about some of the possible changes in the format. namely:
> will new advisories be in a machine parseable format?
> will it include a list of affected binary packages (in addition to source
> packages)? 

ACK. +1


 Martin Zobel-Helas <zobel@debian.org>  | Debian System Administrator
 Debian & GNU/Linux Developer           |           Debian Listmaster
 Public key http://zobel.ftbfs.de/5d64f870.asc   -   KeyID: 5D64 F870
 GPG Fingerprint:  5DB3 1301 375A A50F 07E7  302F 493E FB8E 5D64 F870

Reply to: