[CentOS] Scripting for Centos security advisory database

Wed Aug 11 17:10:08 UTC 2010
Todd Denniston <Todd.Denniston at tsb.cranrdte.navy.mil>

Karanbir Singh wrote, On 07/05/2010 04:12 PM:
> Hi Alexander,
> 
> On 02/07/2010 13:49, Alexander Dalloz wrote:
>> with other words you are working on making the yum-security plugin usable
>> on CentOS? That would be great!
> 
> Thats where this whole thing started from. The problem is that the
> yum-security plugin needs some specific info available in the CentOS
> repo's and the place where its generated has licensing issues with us
> just using it as is.
> 

Am I being overly optimistic here, in hoping the portions the 'place where its generated has
licensing issues' is just with copying verbatim the collated data from their database (CVEs & bugs
fields) and the written prose (Description field)?

would they be OK with those fields being done like the announce messages, i.e. just point to the URL
for the info, not replicate it?
That is, at least for an early usable version set
	title :announce msg subject info post the CESA-number
	Update ID: CESA-from announce message
	Issued : when did the announce msg get generated?
	Type : as appropriate, and known from message
	Bugs & CVEs: see URL, yes or empty (unless fills a CentOS tracker item too).
	Description : Upstream details URL from announce msg.
	Files: Well, what did the build from SRPM produce for this arch?

Over all at least have it so yum update-minimal would work, and full details elsewhere?


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter