[Mageia-dev] Mageia Advisories Database

Tue Jun 28 17:58:20 CEST 2011

On Tue, 28 Jun 2011, Michael Scherer wrote:
+
+> Le mardi 28 juin 2011 à 16:23 +0200, Christiaan Welvaart a écrit :
+> > On Tue, 28 Jun 2011, nicolas vigier wrote:
+> > 
+> > > In order to send updates advisories, and have a web page listing all
+> > > previous advisories, we need to create a database to store them.
+> > >
+> > > So I think it should have the following info for each advisory :
+> > >
+> > > - advisory ID: something like MGA-[NUMBER] ?
+> > > - advisory date
+> > > - affected source packages
+> > > - affected distribution versions
+> > > - CVE numbers
+> > > - list of binary packages with sha1sum
+> Is there people that really check them ?
+> ( since there is already gpg and checksum in rpm that can be checked
+> automatically, I do not see the point in having this when it requires
+> another manual check )
+
+Most other distributions include this in their advisories. But yes, it's
+not very useful, so we can probably remove the sha1.
+
+> 
+> > > - Mageia Bug #
+> > > - Reference URLs
+> > > - advisory text
+> > >
+> > > Anything else ?
+> > 
+> > - severity
+> Adding severity would requires us to have precise rules about it, and
+> would not mean much, and likely lots of bike shedding about it.
+> 
+> And also, what is the use precisely ?
+> 
+> > - whether this is a security issue or a non-security bugfix
+> What if there is more than 1 fix ( like a firefox upgrade ) ?
+
+If at least one of them is security, then it's a security update.
+
+