From: Marius Mauch <genone@genone.de>
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] GLEP #14: security updates based on GLSA
Date: Sat, 23 Aug 2003 07:45:43 +0200 [thread overview]
Message-ID: <20030823074543.26dd16db.genone@genone.de> (raw)
In-Reply-To: <20030822184545.GF20817@james.is.never.wrong.nu>
On Fri, 22 Aug 2003 19:45:46 +0100
James Harlow <james@is.never.wrong.nu> wrote:
> It would be nice if the solution and the command became mandatory, and
> the command was formatted so that it could be run with /bin/sh.
I don't like that for several reasons:
- it's not necessary if a simple package upgrade can solve the issue
- there are general concerns about the inclusion of the <command> tag
> It's also my feeling that the exploit element should become an
> attribute so it can be checked - for example, if I'm writing a tool to
> secure a firewall while I'm on holiday, it would be essential to
> update remote holes, but less essential to update local holes.
I don't understand this, why would an attribute be better than an
element? I might *add* an attribute to the exploit tag if we can define
the possible values for that.
> And lastly and cosmetically, dates are normally represented as a
> day/month/year structure. In the version element, I think that you
> should get rid of the including attribute and extend the range
> attribute with greater-or-equal / less-than-or-equal. It's just my
> feeling that this will create more readable xml documents...
As said by Paul and Chris, the YYYYMMDD format is better suited and I'll
change the tool and the example to use it. For the version format, I'll
put that in the queue as there might be more changes necessary (see
Pauls request for a between tag).
Marius
--
gentoo-dev@gentoo.org mailing list
next prev parent reply other threads:[~2003-08-23 6:11 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-22 17:19 [gentoo-dev] GLEP #14: security updates based on GLSA Marius Mauch
2003-08-22 17:30 ` Caleb Tennis
2003-08-23 5:28 ` Marius Mauch
2003-08-22 18:26 ` Paul de Vrieze
2003-08-23 5:34 ` Marius Mauch
2003-08-23 8:48 ` Paul de Vrieze
2003-08-24 22:15 ` Marius Mauch
2003-08-22 18:45 ` [gentoo-dev] Re: [gentoo-security] " James Harlow
2003-08-22 19:03 ` Paul de Vrieze
2003-08-22 19:04 ` Chris Gianelloni
2003-08-23 10:12 ` Denys Duchier
2003-08-23 12:49 ` Marius Mauch
2003-08-23 5:45 ` Marius Mauch [this message]
2003-08-22 19:50 ` [gentoo-dev] " Karsten Schulz
2003-08-22 20:18 ` Paul de Vrieze
2003-08-23 12:17 ` Karsten Schulz
2003-08-23 14:39 ` Tobias Sager
2003-08-23 20:21 ` Paul de Vrieze
2003-08-24 14:50 ` Karsten Schulz
2003-08-23 5:58 ` Marius Mauch
2003-08-23 12:02 ` Karsten Schulz
2003-08-23 3:59 ` Ned Ludd
2003-08-23 6:10 ` Marius Mauch
2003-08-23 8:52 ` Paul de Vrieze
2003-08-23 10:48 ` Wolfram Schlich
2003-08-23 14:40 ` Tobias Sager
2003-08-23 18:08 ` Marius Mauch
2003-08-28 15:15 ` Marius Mauch
2003-09-05 7:25 ` [gentoo-dev] Re: [gentoo-security] " Klavs Klavsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030823074543.26dd16db.genone@genone.de \
--to=genone@genone.de \
--cc=gentoo-dev@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox