On Sat, 16 Apr 2011, Michael Scherer wrote:
>
>> Old Process:
>>
>> * monitor vendor-sec, discuss vulns, patches, negotiate release schedule,
>> also watch other distro updates, for things we may have missed
>
> We could ask maintainers to help in that regard,
> or, like proposed for mageia-app-db and package testing, have a list of
> people dedicated to gathering such information. For example, someone says
> "I take care of watching security for libreoffice and will warn secteam if
> something needs to be done".

We can maybe also use the "Open Source Vulnerability Database" from http://osvdb.org/. This database can be downloaded, so maybe we can integrate it into youri-check. I think it will require some work to match software names in OSVD and our package names. Some people created "distromatch", a tool to match package names between distributions. Maybe OSVD could be added to distromatch.
