[arch-general] Arch-Sheriff - A script to match NetBSD vulnerability database against Arch Linux packages
Hugo Doria
hugodoria at gmail.com
Thu Sep 11 13:48:57 EDT 2008
Hi everyone,
Some time ago Paulo Matias [1] (member of Arch Linux Brazil) started a
very nice project to help improve Arch's security.
Paulo created a python script to automatically test Arch's packages
against the NetBSD vulnerabilities database. The script can run
automatically and generates a text file with the details of all
vulnerabilities found.
This project is now called Arch-Sheriff (the source is available here
[3]) and me and Kessia Pinheiro [2] began to help Paulo in the
development. Arch-Sheriff now generates a html page with all
vulnerabilities details and a link to them. The page can be found
here:
http://dev.archlinux.org/~hugo/sheriff/
The idea now is to create a way to notify a package maintainer about
the vulnerability and add a way to mark it as fixed in Arch. We also
want to create a login so the maintainers can mark all the
vulnerabilities that they fixed and a rss feed.
Arch-Sheriff is still experimental and there are some things that
needs to be fixed. But i think that you guys can see what we pretend
and where we are going. :)
And, please, tell me what you think about this. Any suggestion is welcome.
[1] http://matias.archlinux-br.org
[2] http://even.archlinux-br.org
[3] http://code.google.com/p/arch-sheriff/
Oh! And BTW, can someone update pacman db in gerolde? I think its a
bit old (sheriff got a older version of wireshark and opera, for
example).
-- Hugo
More information about the arch-general
mailing list