From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2011-June/006100.html | 147 +++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 zarb-ml/mageia-dev/2011-June/006100.html (limited to 'zarb-ml/mageia-dev/2011-June/006100.html') diff --git a/zarb-ml/mageia-dev/2011-June/006100.html b/zarb-ml/mageia-dev/2011-June/006100.html new file mode 100644 index 000000000..f41d8b1c8 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-June/006100.html @@ -0,0 +1,147 @@ + + + + [Mageia-dev] Mageia Advisories Database + + + + + + + + + +

[Mageia-dev] Mageia Advisories Database

+ nicolas vigier + boklm at mars-attacks.org +
+ Tue Jun 28 16:49:46 CEST 2011 +

+
+ +
On Tue, 28 Jun 2011, Romain d'Alverny wrote:
+
+> Hi,
+> 
+> On Tue, Jun 28, 2011 at 15:34, Samuel Verschelde <stormi at laposte.net> wrote:
+> > Le mardi 28 juin 2011 15:20:33, nicolas vigier a écrit :
+> >> In order to send updates advisories, and have a web page listing all
+> >> previous advisories, we need to create a database to store them.
+> >>
+> >> So I think it should have the following info for each advisory :
+> >>
+> >>  - advisory ID: something like MGA-[NUMBER] ?
+> >>  - advisory date
+> >>  - affected source packages
+> >>  - affected distribution versions
+> >>  - CVE numbers
+> >>  - list of binary packages with sha1sum
+> >>  - Mageia Bug #
+> >>  - Reference URLs
+> >>  - advisory text
+> >>
+> >> Anything else ?
+> 
+> If using SQL, make sure to normalize the db schema a bit (that is, for
+> instance, an advisory table, with a distributions table, and a
+> relationship). MDV security advisory web app had a single table, with
+> new columns added each time a new release was published and that was
+> really not good, neither safe to maintain.
+> 
+> In this perspective, there could be the following tables:
+>  - advisories (id, date, text, list of URLs, list of bug #)
+>  - distributions (id, name)
+>  - source packages (id, name, version)
+>  - CVE numbers
+
+I am thinking about the following tables :
+
+ - advisories : id, published, publish-date, update-date, text, severity
+ - source-packages : packagename, filename, sha1, distribution, repository, version, advisory-id
+ - binary-packages : packagename, filename, sha1, source-package-id
+ - cve-numbers : cve-number, advisory-id
+ - bugzilla-numbers : bugzilla-number, advisory-id
+ - reference-urls : url, advisory-id
+
+> 
+> Not sure about the rest; depends on the data details and what type of
+> queries would be expected:
+>  - do we only query after the advisory id or do we plan to have stats
+> per distribution, source package?
+
+We can query by advisory id, source package, cve number, bugzilla
+number. And we can do stats.
+
+>  - what screens do you expect?
+>  - are there several CVE numbers for a single advisory?
+
+Yes. We can have several CVE numbers, source packages, bugzilla numbers,
+URLs, distributions, for one advisory.
+
+>  - is there a link from source packages and binary packages?
+
+Yes.
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1