Hi devs,

As of this morning, there were 1108 CVEs in place for Debian Buster (Devuan Beowulf). Of these, 41 were prioritized 'high**', 199 'medium**', 17 'low**', 158 'low', 18 'unassigned', 550 'unimportant' and 143 had yet to be assigned.

https://security-tracker.debian.org/tracker/status/release/testing

Of these, 32 (3 'high', 2 'medium', 2 'low', 7 'unimportant' and 18 'unassigned') CVEs have been marked 'fixed in unstable', and have therefore made it to 'candidate' status in the DTSA database.

https://security-tracker.debian.org/tracker/status/dtsa-candidates

I am experimenting with the idea of a customised local instance of the Debian security-tracker, but configured for Devuan Beowulf. Thus I may have access to a local devuan-security mirror from which I could extract a beowulf summary for this list to accompany the DSA summaries for ascii. To this end, I have done the following:

1) git clone [email protected]:security-tracker-team/security-tracker.git and issued $ bin/setup-repo

2) with a view to a Devuan-specific version of this: https://security-team.debian.org/security_tracker.html#setting-up-a-local-testing-instance

3) by editing the ./security-tracker/Makefile to Devuan-specific variables.

4) I was hoping it would be a trivial matter of replacing Devuan values in place of Debian ones, e.g. 'ascii' for 'stretch', and Devuan URLs in place of

MIRROR = http://debian.csail.mit.edu/debian
SECURITY_MIRROR = http://security.debian.org/debian-security

Are there Devuan equivalents to these? Am I being naive?

My reasoning was that as the distance between Devuan and Debian grows, so the desirability of Devuan-specific security advisories may well increase in tandem. As this is going to add a layer of uncertainty for the already over-worked upstream, my hope was that I could do some of the preliminary spadework, although spadework is about all it would (could) be. I have also reasoned that if it was that simple, it's already been done, and probably better.

Is there anything in this idea that could be developed into a 'project'? I have had a look at the devuan-security pages, and would be more than willing to be a junior participant in such a project.

https://git.devuan.org/devuan-security

All (any) advice or tips would be gratefully accepted.

Many Thanks
leloft
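
The kind of per-release summary described in the message above, as an added example that is not part of the original post or of the security-tracker code base: it tallies open CVEs by urgency for one release and lists those already fixed in unstable. The input is assumed to follow the shape of the tracker's JSON export; the package names, CVE ids and versions in the sample are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample, shaped like the tracker's JSON export (assumption):
# package -> CVE id -> per-release status. Ids and packages are placeholders.
SAMPLE = json.loads("""
{
  "pkg-a": {
    "CVE-0000-0001": {"releases": {
      "buster": {"status": "open", "urgency": "high"},
      "sid": {"status": "resolved", "urgency": "high", "fixed_version": "1.2-3"}}},
    "CVE-0000-0002": {"releases": {
      "buster": {"status": "open", "urgency": "unimportant"},
      "sid": {"status": "open", "urgency": "unimportant"}}}
  },
  "pkg-b": {
    "CVE-0000-0003": {"releases": {
      "buster": {"status": "resolved", "urgency": "medium", "fixed_version": "2.0-1"},
      "sid": {"status": "resolved", "urgency": "medium", "fixed_version": "2.0-1"}}},
    "CVE-0000-0004": {"releases": {
      "buster": {"status": "open", "urgency": "not yet assigned"},
      "sid": {"status": "resolved", "urgency": "not yet assigned", "fixed_version": "0.9-2"}}},
    "CVE-0000-0005": {"releases": {
      "stretch": {"status": "open", "urgency": "low"}}}
  }
}
""")

def summarise(data, release="buster", unstable="sid"):
    """Return (open-CVE counts by urgency, CVEs open in release but fixed in unstable)."""
    by_urgency = Counter()
    candidates = []
    for package, cves in data.items():
        for cve_id, entry in cves.items():
            releases = entry.get("releases", {})
            rel = releases.get(release)
            if rel is None or rel.get("status") != "open":
                continue  # not affected in this release, or already fixed there
            by_urgency[rel.get("urgency", "not yet assigned")] += 1
            if releases.get(unstable, {}).get("status") == "resolved":
                candidates.append((package, cve_id, releases[unstable].get("fixed_version")))
    return by_urgency, sorted(candidates)

if __name__ == "__main__":
    counts, fixed_in_unstable = summarise(SAMPLE)
    for urgency, n in counts.most_common():
        print(f"{urgency:>18}: {n}")
    for package, cve_id, version in fixed_in_unstable:
        print(f"candidate: {package} {cve_id} fixed in unstable as {version}")
```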
