On Tue, 28 Jun 2011, Michael Scherer wrote:

> On Tuesday 28 June 2011 at 16:23 +0200, Christiaan Welvaart wrote:
> > On Tue, 28 Jun 2011, nicolas vigier wrote:
> >
> > > In order to send update advisories, and have a web page listing all
> > > previous advisories, we need to create a database to store them.
> > >
> > > So I think it should have the following info for each advisory:
> > >
> > > - advisory ID: something like MGA-[NUMBER]?
> > > - advisory date
> > > - affected source packages
> > > - affected distribution versions
> > > - CVE numbers
> > > - list of binary packages with sha1sum
>
> Are there people who really check them?
> (since there is already gpg and checksum in rpm that can be checked
> automatically, I do not see the point in having this when it requires
> another manual check)

Most other distributions include this in their advisories. But yes, it's not very useful, so we can probably remove the sha1.

> > > - Mageia Bug #
> > > - Reference URLs
> > > - advisory text
> > >
> > > Anything else?
> >
> > - severity
>
> Adding severity would require us to have precise rules about it, and
> would not mean much, and likely lots of bike shedding about it.
>
> And also, what is the use precisely?
>
> > - whether this is a security issue or a non-security bugfix
>
> What if there is more than 1 fix (like a firefox upgrade)?

If at least one of them is security, then it's a security update.
