Le mardi 28 juin 2011 à 16:23 +0200, Christiaan Welvaart a écrit : > On Tue, 28 Jun 2011, nicolas vigier wrote: > > > In order to send updates advisories, and have a web page listing all > > previous advisories, we need to create a database to store them. > > > > So I think it should have the following info for each advisory : > > > > - advisory ID: something like MGA-[NUMBER] ? > > - advisory date > > - affected source packages > > - affected distribution versions > > - CVE numbers > > - list of binary packages with sha1sum Is there people that really check them ? ( since there is already gpg and checksum in rpm that can be checked automatically, I do not see the point in having this when it requires another manual check )
> > - Mageia Bug # > > - Reference URLs > > - advisory text > > > > Anything else ? > > - severity Adding severity would requires us to have precise rules about it, and would not mean much, and likely lots of bike shedding about it. And also, what is the use precisely ? > - whether this is a security issue or a non-security bugfix What if there is more than 1 fix ( like a firefox upgrade ) ? And what's the use ? I would recommend looking at CVRF and OSVDB, but that's only for security issues. -- Michael Scherer