Hi

On Mon, Sep 02, 2002 at 03:09:28PM +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, Sep 02, 2002 at 08:47:53AM +0200, Ola Lundqvist wrote:
> >
> > Yes. Luckily I just saw someone who has written a script that checks
> > the DSA:s and tells the maintainer that he/she has a vulnerable package.
> > That is a good solution (best?). The problem is that the DSA is
> > not able to distinguish between local/remote/3rdparty flaws but
> > that is not always interesting.
>
> Why duplicate the work the Tiger package is already doing? I do not see the
> merit of checking *only* for DSAs published in the RDF file (since that RDF
> file is limited to a few DSAs only).

Well my thought was to check for all DSA:s, which apparently this script does not.

> If you want a program to check for security flaws please use one designed for
> that precisely. Tiger is such a program. Just have the *flaws package
> recommend: or depend: on tiger.

On the other hand tiger does a lot of other things too. But the link you gave me
was very interesting.

> Of course, there is room for improvement, the DSAs could be parsed from the
> WML source to retrieve both the description *and* whether it's a local or
> remote issue and populate the report accordingly (it currently just checks
> against version packages) *also* we could provide MD5sums of known vulnerable
> packages (in the stable distribution and proposed-updates).
>
> Also, this information needs to be split off the package so it can work like
> antivirus updates. Thus, signature updates could go to proposed-updates
> without needing to update the program itself.

Agreed. Without having done too much digging in tiger it might be a good idea.
The contact I have had with tiger is not very pleasant because it bugged me with
a lot of non-issues. That is maybe the reason why I deinstalled it. :)

Regards,

// Ola

> Regards
>
> Javi

--
Ola Lundqvist