On Fri, May 24, 2002 at 03:54:48PM +0200, Christian Hammers wrote:
> On Fri, May 24, 2002 at 09:41:46AM -0400, Nathan Valentine wrote:
> > 1) Check the Debian security announcement list.
> > 2) Compare new announcements to the local package database.
> > 3) If vulnerable packages installed, send an 'I need updated' email to
> > an address defined by the SysAdmin.
>
> Another nice approach would be to archive all changelog entries (maybe the
> installer could extract them for you), scan them for tag=security or
> severity=high and build a database of "unwanted" packages that can be
> compared with "dpkg -l" by the admins. This way you could attach the
> relevant changelog entry to your "I need an update" mail.

See the 'harden' packages for similar work (without the changelog bits).

> Even more nice would be an extension to "apt-cache show" that shows all
> changelog entries after the installed version. Could then be used as
> source for your program too, but needs more work as the changelogs would
> have to be distributed alongside the package descriptions, too.

If there were any way to retrieve package changelogs without downloading the
source package or all binary packages, apt-listchanges would already do this.

I wrote a program to extract changelogs from source packages and place them
in a relational database, and a CGI program to fetch changelogs for an
arbitrary range of versions, but it would have to be run automatically from
katie or such to be useful, and I got no response to inquiries about that.

-- 
 - mdz
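The changelog-scanning idea discussed in this thread, as an added example that is not part of the original messages: it reports changelog entries newer than the installed version that carry a high `urgency=` value or mention "security", which are stand-ins chosen here for the "tag=security or severity=high" wording above. The package name `examplepkg`, the condensed sample changelog and all function names are constructed for illustration.

```python
import re

# Debian changelog entry header: "package (version) distribution; urgency=level"
HEADER = re.compile(r"^(\S+) \(([^)]+)\) [^;]+; urgency=(\w+)")

def _order(c):
    # dpkg character order: '~' sorts before end-of-run (0), letters before the rest
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def version_key(v):
    """Sort key following dpkg's version ordering (epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    def part(s):  # alternating non-digit / digit runs, compared pairwise
        return tuple((tuple(_order(c) for c in text) + (0,), int(num or 0))
                     for text, num in re.findall(r"(\D*)(\d*)", s))
    return int(epoch), part(up), part(rev)

def security_entries(changelog, installed):
    """Entries newer than `installed` with high urgency or a 'security' mention."""
    entries = []
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"version": m[2], "urgency": m[3].lower(), "text": line})
        elif entries:
            entries[-1]["text"] += "\n" + line
    return [e for e in entries
            if version_key(e["version"]) > version_key(installed)
            and (e["urgency"] in ("high", "emergency", "critical")
                 or re.search(r"\bsecurity\b", e["text"], re.I))]

# Constructed, condensed sample changelog for a hypothetical package "examplepkg"
SAMPLE = """\
examplepkg (1.2.3-4) unstable; urgency=high
  * Fix buffer overflow in request parser.

examplepkg (1.2.3-3) unstable; urgency=low
  * Fix typo in manual page.

examplepkg (1.2.3-2) unstable; urgency=low
  * Security: drop privileges before opening the log file.

examplepkg (1.2.3-1) unstable; urgency=high
  * New upstream release.
"""

if __name__ == "__main__":
    print("\n\n".join(e["text"].strip() for e in security_entries(SAMPLE, "1.2.3-2")))
```

The `text` field of each returned entry is the block that would be attached to the "I need an update" mail; the installed version would come from the local package database rather than a literal.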