Re: [SECURITY] [DSA 2134-1] Upcoming changes in advisory format
Hi,
On Sat Dec 18, 2010 at 16:47:47 -0800, Vagrant Cascadian wrote:
> On Sat, Dec 18, 2010 at 01:08:07PM +0100, Moritz Muehlenhoff wrote:
> > Traditionally Debian security advisories have included MD5 check sums
> > of the updated packages. This was introduced at a time when apt didn't
> > exist yet and BIND was at version 4.
> >
> > Since apt cryptographically enforces the integrity of the archive for
> > quite some time now, we've decided to finally drop the hash values
> > from our advisory mails.
>
> thanks for all your work on the security team! i'm glad to hear this!
>
> > We'll also change some details of the advisory format in the upcoming
> > months.
>
> i'm curious about some of the possible changes in the format. namely:
>
> will new advisories be in a machine parseable format?
>
> will it include a list of affected binary packages (in addition to source
> packages)?
ACK. +1
YAML?
--
Martin Zobel-Helas <zobel@debian.org> | Debian System Administrator
Debian & GNU/Linux Developer | Debian Listmaster
Public key http://zobel.ftbfs.de/5d64f870.asc - KeyID: 5D64 F870
GPG Fingerprint: 5DB3 1301 375A A50F 07E7 302F 493E FB8E 5D64 F870
Reply to: