Re: [SECURITY] [DSA 2134-1] Upcoming changes in advisory format
On 2010-12-19, Vagrant Cascadian <vagrant@freegeek.org> wrote:
> On Sat, Dec 18, 2010 at 01:08:07PM +0100, Moritz Muehlenhoff wrote:
>> Traditionally Debian security advisories have included MD5 check sums
>> of the updated packages. This was introduced at a time when apt didn't
>> exist yet and BIND was at version 4.
>>
>> Since apt cryptographically enforces the integrity of the archive for
>> quite some time now, we've decided to finally drop the hash values
>> from our advisory mails.
>
> thanks for all your work on the security team! i'm glad to hear this!
>
>> We'll also change some details of the advisory format in the upcoming
>> months.
>
> i'm curious about some of the possible changes in the format. namely:
>
> will new advisories be in a machine parseable format?
>
> will it include a list of affected binary packages (in addition to source
> packages)?
>
> what other information will it include?
>
> some of this could make it much easier to script checks for security available
> or completed updates on medium to large networks.
We're open for input here. Everyone is invited to send a list of needed
features to team@security.debian.org.
(We're having a security team meeting in January, during which we'll discuss
the new format)
Cheers,
Moritz
Reply to: