Re: [SECURITY] [DSA 2134-1] Upcoming changes in advisory format



On Sat, Dec 18, 2010 at 01:08:07PM +0100, Moritz Muehlenhoff wrote:
> Traditionally Debian security advisories have included MD5 check sums
> of the updated packages. This was introduced at a time when apt didn't
> exist yet and BIND was at version 4.
> 
> Since apt cryptographically enforces the integrity of the archive for
> quite some time now, we've decided to finally drop the hash values
> from our advisory mails.

thanks for all your work on the security team!  i'm glad to hear this! 

> We'll also change some details of the advisory format in the upcoming
> months.

i'm curious about some of the possible changes in the format. namely:

will new advisories be in a machine-parseable format?

will it include a list of affected binary packages (in addition to source
packages)? 

what other information will it include?

some of this could make it much easier to script checks for security available
or completed updates on medium to large networks.

thanks again.

live well,
  vagrant

