[Mageia-dev] Mageia Advisories Database
nicolas vigier
boklm at mars-attacks.org
Tue Jun 28 17:58:20 CEST 2011
On Tue, 28 Jun 2011, Michael Scherer wrote:
> Le mardi 28 juin 2011 à 16:23 +0200, Christiaan Welvaart a écrit :
> > On Tue, 28 Jun 2011, nicolas vigier wrote:
> >
> > > In order to send updates advisories, and have a web page listing all
> > > previous advisories, we need to create a database to store them.
> > >
> > > So I think it should have the following info for each advisory :
> > >
> > > - advisory ID: something like MGA-[NUMBER] ?
> > > - advisory date
> > > - affected source packages
> > > - affected distribution versions
> > > - CVE numbers
> > > - list of binary packages with sha1sum
> Is there people that really check them ?
> ( since there is already gpg and checksum in rpm that can be checked
> automatically, I do not see the point in having this when it requires
> another manual check )
Most other distributions include this in their advisories. But yes, it's
not very useful, so we can probably remove the sha1.
>
> > > - Mageia Bug #
> > > - Reference URLs
> > > - advisory text
> > >
> > > Anything else ?
> >
> > - severity
> Adding severity would requires us to have precise rules about it, and
> would not mean much, and likely lots of bike shedding about it.
>
> And also, what is the use precisely ?
>
> > - whether this is a security issue or a non-security bugfix
> What if there is more than 1 fix ( like a firefox upgrade ) ?
If at least one of them is security, then it's a security update.
More information about the Mageia-dev
mailing list