[Mageia-dev] Mageia Advisories Database
nicolas vigier
boklm at mars-attacks.org
Tue Jun 28 17:32:46 CEST 2011
On Tue, 28 Jun 2011, Christiaan Welvaart wrote:
> On Tue, 28 Jun 2011, nicolas vigier wrote:
>
>> In order to send updates advisories, and have a web page listing all
>> previous advisories, we need to create a database to store them.
>>
>> So I think it should have the following info for each advisory :
>>
>> - advisory ID: something like MGA-[NUMBER] ?
>> - advisory date
>> - affected source packages
>> - affected distribution versions
>> - CVE numbers
>> - list of binary packages with sha1sum
>> - Mageia Bug #
>> - Reference URLs
>> - advisory text
>>
>> Anything else ?
>
> - severity
> - whether this is a security issue or a non-security bugfix
> (could be 1 field)
What kind of severity classification should we use ?
Something like redhat, with Critical, Important, Moderate, Low ?
Or something more simple with only Critical and Normal ?
Or no classification ?
http://www.redhat.com/f/pdf/rhel4/SecurityClassification.pdf
More information about the Mageia-dev
mailing list