On Tue, 28 Jun 2011, Christiaan Welvaart wrote: > On Tue, 28 Jun 2011, nicolas vigier wrote: > >> In order to send updates advisories, and have a web page listing all >> previous advisories, we need to create a database to store them. >> >> So I think it should have the following info for each advisory : >> >> - advisory ID: something like MGA-[NUMBER] ? >> - advisory date >> - affected source packages >> - affected distribution versions >> - CVE numbers >> - list of binary packages with sha1sum >> - Mageia Bug # >> - Reference URLs >> - advisory text >> >> Anything else ? > > - severity > - whether this is a security issue or a non-security bugfix > (could be 1 field)
What kind of severity classification should we use ? Something like redhat, with Critical, Important, Moderate, Low ? Or something more simple with only Critical and Normal ? Or no classification ? http://www.redhat.com/f/pdf/rhel4/SecurityClassification.pdf
