zarb-ml/mageia-dev/2011-June/006100.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-dev] Mageia Advisories Database
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Mageia%20Advisories%20Database&In-Reply-To=%3C20110628144946.GR21938%40mars-attacks.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="006096.html">
   <LINK REL="Next"  HREF="006095.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-dev] Mageia Advisories Database</H1>
    <B>nicolas vigier</B> 
    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Mageia%20Advisories%20Database&In-Reply-To=%3C20110628144946.GR21938%40mars-attacks.org%3E"
       TITLE="[Mageia-dev] Mageia Advisories Database">boklm at mars-attacks.org
       </A><BR>
    <I>Tue Jun 28 16:49:46 CEST 2011</I>
    <P><UL>
        <LI>Previous message: <A HREF="006096.html">[Mageia-dev] Mageia Advisories Database
</A></li>
        <LI>Next message: <A HREF="006095.html">[Mageia-dev] Mageia Advisories Database
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#6100">[ date ]</a>
              <a href="thread.html#6100">[ thread ]</a>
              <a href="subject.html#6100">[ subject ]</a>
              <a href="author.html#6100">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>On Tue, 28 Jun 2011, Romain d'Alverny wrote:

&gt;<i> Hi,
</I>&gt;<i> 
</I>&gt;<i> On Tue, Jun 28, 2011 at 15:34, Samuel Verschelde &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">stormi at laposte.net</A>&gt; wrote:
</I>&gt;<i> &gt; Le mardi 28 juin 2011 15:20:33, nicolas vigier a &#233;crit :
</I>&gt;<i> &gt;&gt; In order to send updates advisories, and have a web page listing all
</I>&gt;<i> &gt;&gt; previous advisories, we need to create a database to store them.
</I>&gt;<i> &gt;&gt;
</I>&gt;<i> &gt;&gt; So I think it should have the following info for each advisory :
</I>&gt;<i> &gt;&gt;
</I>&gt;<i> &gt;&gt; &#160;- advisory ID: something like MGA-[NUMBER] ?
</I>&gt;<i> &gt;&gt; &#160;- advisory date
</I>&gt;<i> &gt;&gt; &#160;- affected source packages
</I>&gt;<i> &gt;&gt; &#160;- affected distribution versions
</I>&gt;<i> &gt;&gt; &#160;- CVE numbers
</I>&gt;<i> &gt;&gt; &#160;- list of binary packages with sha1sum
</I>&gt;<i> &gt;&gt; &#160;- Mageia Bug #
</I>&gt;<i> &gt;&gt; &#160;- Reference URLs
</I>&gt;<i> &gt;&gt; &#160;- advisory text
</I>&gt;<i> &gt;&gt;
</I>&gt;<i> &gt;&gt; Anything else ?
</I>&gt;<i> 
</I>&gt;<i> If using SQL, make sure to normalize the db schema a bit (that is, for
</I>&gt;<i> instance, an advisory table, with a distributions table, and a
</I>&gt;<i> relationship). MDV security advisory web app had a single table, with
</I>&gt;<i> new columns added each time a new release was published and that was
</I>&gt;<i> really not good, neither safe to maintain.
</I>&gt;<i> 
</I>&gt;<i> In this perspective, there could be the following tables:
</I>&gt;<i>  - advisories (id, date, text, list of URLs, list of bug #)
</I>&gt;<i>  - distributions (id, name)
</I>&gt;<i>  - source packages (id, name, version)
</I>&gt;<i>  - CVE numbers
</I>
I am thinking about the following tables :

 - advisories : id, published, publish-date, update-date, text, severity
 - source-packages : packagename, filename, sha1, distribution, repository, version, advisory-id
 - binary-packages : packagename, filename, sha1, source-package-id
 - cve-numbers : cve-number, advisory-id
 - bugzilla-numbers : bugzilla-number, advisory-id
 - reference-urls : url, advisory-id

&gt;<i> 
</I>&gt;<i> Not sure about the rest; depends on the data details and what type of
</I>&gt;<i> queries would be expected:
</I>&gt;<i>  - do we only query after the advisory id or do we plan to have stats
</I>&gt;<i> per distribution, source package?
</I>
We can query by advisory id, source package, cve number, bugzilla
number. And we can do stats.

&gt;<i>  - what screens do you expect?
</I>&gt;<i>  - are there several CVE numbers for a single advisory?
</I>
Yes. We can have several CVE numbers, source packages, bugzilla numbers,
URLs, distributions, for one advisory.

&gt;<i>  - is there a link from source packages and binary packages?
</I>
Yes.

</PRE>


<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="006096.html">[Mageia-dev] Mageia Advisories Database
</A></li>
	<LI>Next message: <A HREF="006095.html">[Mageia-dev] Mageia Advisories Database
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#6100">[ date ]</a>
              <a href="thread.html#6100">[ thread ]</a>
              <a href="subject.html#6100">[ subject ]</a>
              <a href="author.html#6100">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>