Mike Silbersack([EMAIL PROTECTED])@2001.04.25 12:24:47 +0000:
> 
> On Wed, 25 Apr 2001, Karsten W. Rohrbach wrote:
> 
> > oldver: bind-8.2.2
> > newver: bind-8.2.3
> 
> If we're going to flag insecure versions, I think a better way would be to
> list "minimum version", which would indicate the lowest numbered version
> you can safely run.  This could also be incorporated into the Makefile for
> each port so that pkg_version could issue alerts even before security
> advisories are issued (or after, if you missed some advisories.)
oldver was meant to be the latest version containing the bug the SA is
about.
when i think about it, there should be a field for the urgency of the
patch since some bugs are not as serious as others. based on that
scheme one could put up a periodic check script which sends messages
above some urgency level to a centralized administrative email account.
i think this is something admins of bigger server farms would like to
have.

> 
> Of course, there's the issue of bind 8.x.x versus 9.x.x.  I'm not sure how
> to resolve what minimum version would refer to.
bind8 and bind9 are different ports. package tracking has to flag them
correctly when installing the port/package as /var/db/pkg/bind8 and
/var/db/pkg/bind9. i assume that it would make more sense to put the
version number (like i described in the original post) in
/var/db/pkg/somepackage/VERSION so it is easier for the port management
tools to track versioning, given the really hairy directory parsing
someone would otherwise have to implement.

> 
> Mike "Silby" Silbersack
> 

-- 
> CS Students do it in the pool.
KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de
[Key] [KeyID---] [Created-] [Fingerprint-------------------------------------]
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46

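The checker Karsten sketches above (oldver/newver records per port, an urgency field, and a periodic script that only reports findings above a threshold), as an added example that is not part of the thread or of any FreeBSD tool. The advisory records, the installed-version table standing in for /var/db/pkg/<port>/VERSION, and the 1..5 urgency scale are all constructed assumptions.

```python
# Constructed advisory records in the field scheme proposed in the thread:
# oldver  = latest version still containing the bug,
# newver  = first fixed version,
# urgency = assumed integer severity, 1 (low) .. 5 (critical).
ADVISORIES = [
    {"port": "bind8", "oldver": "8.2.2", "newver": "8.2.3", "urgency": 5},
    {"port": "bind9", "oldver": "9.1.0", "newver": "9.1.1", "urgency": 3},
    {"port": "somepackage", "oldver": "1.4", "newver": "1.5", "urgency": 1},
]

# Constructed stand-in for the contents of /var/db/pkg/<port>/VERSION.
# bind8 and bind9 are tracked as separate ports, so "minimum version"
# never has to compare an 8.x.x against a 9.x.x.
INSTALLED = {"bind8": "8.2.2", "bind9": "9.1.1", "somepackage": "1.3"}


def parse_version(v):
    """Split '8.2.2' into (8, 2, 2) so comparison is numeric, not lexical
    (lexically '8.10' < '8.9', numerically it is not). Assumes purely
    dotted-numeric versions; real port versions may carry suffixes."""
    return tuple(int(p) for p in v.split("."))


def is_affected(installed, oldver):
    """oldver is the last buggy version, so anything at or below it is exposed."""
    return parse_version(installed) <= parse_version(oldver)


def check(installed, advisories, min_urgency):
    """Return (port, installed, fixed_in, urgency) for every installed port
    still at a vulnerable version whose advisory urgency >= min_urgency,
    most urgent first. Ports not installed are skipped."""
    alerts = []
    for adv in advisories:
        cur = installed.get(adv["port"])
        if cur is None or adv["urgency"] < min_urgency:
            continue
        if is_affected(cur, adv["oldver"]):
            alerts.append((adv["port"], cur, adv["newver"], adv["urgency"]))
    return sorted(alerts, key=lambda a: -a[3])


if __name__ == "__main__":
    # A cron job would mail this report to the administrative account.
    for port, cur, fixed, urg in check(INSTALLED, ADVISORIES, min_urgency=3):
        print(f"[urgency {urg}] {port}: installed {cur}, upgrade to {fixed}")
```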