Re: Upcoming changes in advisory format
The side-effect of that is that you are now listing only the source package name, and not anymore the binary package names. But to do the upgrade, the administrator of the machine has to select the binary packages for upgrade, or, to check if the testing/sid version the machine has is new enough, check the installed version of all binary packages built from that source package. FTR, the template currently in use is not the final version. Changes are still under discussion. For what they asked here: dak ls -s $suite -S $source and replace $suite with the target suite (stable/testing) and $source with the source name. That is, after install in the archive. But we could sure make something up within n-s-i or with an extra command before (or tell you the needed db magic for the security dak db) to come up with such a list. Gives you a set of binary package name | version | suite | architectures for all binaries that source has. For example, the last two DSAs get me dselect |1.14.31 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc dpkg-dev |1.14.31 | stable/updates/main | all dpkg |1.14.31 | stable/updates/main | source, alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2-dbg | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2-mpm-worker | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2.2-common | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2-threaded-dev | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2-suexec | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2 | 2.2.9-10+lenny9 | stable/updates/main | source, all apache2-prefork-dev | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2-mpm-prefork | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2-utils | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2-suexec-custom | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc apache2-doc | 2.2.9-10+lenny9 | stable/updates/main | all apache2-src | 2.2.9-10+lenny9 | stable/updates/main | all apache2-mpm-event | 2.2.9-10+lenny9 | stable/updates/main | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc (Might also want to look at -f heidi added to it) -- bye, Joerg Lisa, honey, if it’ll make you feel better I’ll destroy something Bart loves. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87hbdh15m7@gkar.ganneff.de
Re: Upcoming changes in advisory format
On Sat, Dec 18, 2010 at 01:08:07PM +0100, Moritz Muehlenhoff wrote: Traditionally Debian security advisories have included MD5 check sums of the updated packages. Since apt cryptographically enforces the integrity of the archive for quite some time now, we've decided to finally drop the hash values from our advisory mails. The side-effect of that is that you are now listing only the source package name, and not anymore the binary package names. But to do the upgrade, the administrator of the machine has to select the binary packages for upgrade, or, to check if the testing/sid version the machine has is new enough, check the installed version of all binary packages built from that source package. So I suggest you list the affected binary packages. Yes, that information is available from e.g. http://packages.debian.org/src:PACKAGE, but the admin might not know that, etc. -- Lionel -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110106085356.ga30...@capsaicin.mamane.lu
Re: Upcoming changes in advisory format
On Thu, Jan 06, 2011 at 09:53:56AM +0100, Lionel Elie Mamane wrote: The side-effect of that is that you are now listing only the source package name, and not anymore the binary package names. But to do the upgrade, the administrator of the machine has to select the binary packages for upgrade, or, to check if the testing/sid version the machine has is new enough, check the installed version of all binary packages built from that source package. I've often wished for an apt invocation which would select for upgrade all packages derived from a named source package, for selective security updates, but I've never really persued it. Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110106103713.gu4...@urchin.earth.li
Re: Upcoming changes in advisory format
Lionel Elie Mamane wrote: On Sat, Dec 18, 2010 at 01:08:07PM +0100, Moritz Muehlenhoff wrote: Traditionally Debian security advisories have included MD5 check sums of the updated packages. Since apt cryptographically enforces the integrity of the archive for quite some time now, we've decided to finally drop the hash values from our advisory mails. The side-effect of that is that you are now listing only the source package name, and not anymore the binary package names. But to do the upgrade, the administrator of the machine has to select the binary packages for upgrade, or, to check if the testing/sid version the machine has is new enough, check the installed version of all binary packages built from that source package. FTR, the template currently in use is not the final version. Changes are still under discussion. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ig53u3$np...@dough.gmane.org