Subject: Re: Upgrading NetBSD
To: None <tech-userlevel@netbsd.org>
From: Daniel de Kok <danieldk@pobox.com>
List: tech-userlevel
Date: 01/17/2007 23:18:46
On Wed, Jan 17, 2007 at 09:54:03PM +0100, Joerg Sonnenberger wrote:
> What I want is a system of three parts:
> (a) A machine parseable list of all vulnerabilities for a given release.
Outside of probably stating the obvious, I'd like it to be human
readable/modifyable too, so that it can easily be parsed with
custom scripts. That probably rules out an XML-structured format.
> I prefer full file updates as it is IMO a lot more reliable and easier.
> The bandwidth argument is IMO weak as long as it is easy enough to
> choose a mirror or set one up.
I agree.
> Interesting questions are validation of updates and the lists. An
> OpenSSL cert would be an option, optional hooks for PGP/GPG another.
Since OpenSSL is in our base system, so I'd vote for that.
-- Daniel