[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2134-1] Upcoming changes in advisory format

On 2010-12-19, Vagrant Cascadian <vagrant@freegeek.org> wrote:
> On Sat, Dec 18, 2010 at 01:08:07PM +0100, Moritz Muehlenhoff wrote:
>> Traditionally Debian security advisories have included MD5 check sums
>> of the updated packages. This was introduced at a time when apt didn't
>> exist yet and BIND was at version 4.
>> Since apt cryptographically enforces the integrity of the archive for
>> quite some time now, we've decided to finally drop the hash values
>> from our advisory mails.
> thanks for all your work on the security team!  i'm glad to hear this! 
>> We'll also change some details of the advisory format in the upcoming
>> months.
> i'm curious about some of the possible changes in the format. namely:
> will new advisories be in a machine parseable format?
> will it include a list of affected binary packages (in addition to source
> packages)? 
> what other information will it include?
> some of this could make it much easier to script checks for security available
> or completed updates on medium to large networks.

We're open for input here. Everyone is invited to send a list of needed
features to team@security.debian.org. 

(We're having a security team meeting in January, during which we'll discuss
the new format)


Reply to: