Subject: learning what package versions are available?
To: None <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 01/25/2006 13:35:12
Like many others, I run audit-packages to learn what I need to update.
When I get hits, I do a 'cvs update' and try to build. Normally, that
takes at least several days, with the added load on the CVS servers.
It would be nice if there was a single file, updated daily, that had
the version string for each package. I could then write a script that
would pull down the version strings for every insecure package I have,
and check those strings against the vulnerabilities file.
Is this feasible? I don't see any target that would produce the
version string that we need.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb