I have a partly-baked idea regarding the security advisories that
I see on freebsd-announce. While I applaud the intent of these
notices, I wonder if some sort of automation might not make them a
bit more useful.
Let's say we encoded the advisories in XML and put them up for HTTP
access, encoding the version characterization information (e.g.,
Affects) in some mechanically-usable fashion. Then, a Perl script
on the local machine could look up the advisories, run the tests,
and report the results, all without compromising the privacy of the
local system.
I am quite willing to write a first cut at the client code, but I
think I need to get some buy-in from the folks who are generating
the advisories. Specifically, I need version characterization data
in a form which can be reliably used by an automated script. Is
this generally a feasible thing to provide?
If so, the rest seems pretty simple. I can read the advisories as
they come in over email, parse them and munge them into XML (with a
bit of hand-work, if need be) and put them up for general access.
-r
--
http://www.cfcl.com/rdm - home page, resume, etc.
http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser
email: [EMAIL PROTECTED]; phone: +1 650-873-7841
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
