Florian Weimer wrote:
> I've hacked something to check installed packages against the
> vulnerability database. It's similar to the tsck script, but should
> handle all package annotations correctly. Most of the logic is
> server-side; debsecan downloads a compressed, release-specific
> vulnerability list.
>
> Currently, there's only a darcs repository. Get it and test it:
>
>   $ darcs get http://darcs.enyo.de/fw/debian/debsecan/debian debsecan
>   $ python debsecan/src/debsecan --suite sid
>
> (Or sarge or etch, as needed.)
>
> Comments and suggestions are welcome. This tool is still in a very
> early stage, but I guess it's already pretty useful.

Very nice. You plan to upload the deb soon?

It might be good to either move at least the files debsecan uses to a
debian.org machine, or add a debian.net address for it, so that the url
it downloads from is more under debian's control.

Could it also list unfixed vulnerabilities?

-- 
see shy jo
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

