[Mageia-dev] Mageia Advisories Database

Tue Jun 28 17:33:07 CEST 2011

Le mardi 28 juin 2011 à 16:23 +0200, Christiaan Welvaart a écrit :
+> On Tue, 28 Jun 2011, nicolas vigier wrote:
+> 
+> > In order to send updates advisories, and have a web page listing all
+> > previous advisories, we need to create a database to store them.
+> >
+> > So I think it should have the following info for each advisory :
+> >
+> > - advisory ID: something like MGA-[NUMBER] ?
+> > - advisory date
+> > - affected source packages
+> > - affected distribution versions
+> > - CVE numbers
+> > - list of binary packages with sha1sum
+Is there people that really check them ?
+( since there is already gpg and checksum in rpm that can be checked
+automatically, I do not see the point in having this when it requires
+another manual check )
+
+> > - Mageia Bug #
+> > - Reference URLs
+> > - advisory text
+> >
+> > Anything else ?
+> 
+> - severity
+Adding severity would requires us to have precise rules about it, and
+would not mean much, and likely lots of bike shedding about it.
+
+And also, what is the use precisely ?
+
+> - whether this is a security issue or a non-security bugfix
+What if there is more than 1 fix ( like a firefox upgrade ) ?
+And what's the use ?
+
+I would recommend looking at CVRF and OSVDB, but that's only for
+security issues.
+-- 
+Michael Scherer
+
+