Hi, I am missing the advisory for openssl at ftp://ftp.freebsd.org/CERT/ Background: For long time i used the the quickpatch utility at my workstation to notify me about issues and *how* to fix it. With the web based advisory this is not possible since the .asc file contains only the pgp signature (no more details). Regards, olli
Olli Hauer wrote:> I am missing the advisory for openssl at ftp://ftp.freebsd.org/CERT/We stopped uploading advisories there because we kept on running into problems with ftp mirrors being out of date, while have complete control over the security.freebsd.org webserver and can make sure files are there before we send out the advisory.> Background: > For long time i used the the quickpatch utility at my workstation to > notify me about issues and *how* to fix it. > > With the web based advisory this is not possible since the .asc file > contains only the pgp signature (no more details).Huh? The advisories on the security.freebsd.org webserver are exactly the same files as the advisories which went to ftp.freebsd.org. Colin Percival FreeBSD Security Officer
Robert Watson wrote:> On Fri, 5 Oct 2007, Colin Percival wrote: >>> ftp://ftp.freebsd.org/CERT/ >> >> We stopped uploading advisories there because we kept on running into >> problems with ftp mirrors being out of date, while have complete >> control over the security.freebsd.org webserver and can make sure >> files are there before we send out the advisory. > > Sounds like we should remove this from ftp-master so it stops being > replicated, or at least put a note there about it being historic. Any > preference on which? It would be easy for me to put a warning and > redirection at the top of README or rename CERT to CERT.old.All of the old advisories point to ftp.freebsd.org (both as "the latest revision of this advisory can be found at" and for the patches), so we should leave the existing files there for the near future at least. Adding a README pointing people towards security.freebsd.org sounds like the best option to me. Colin Percival
On Fri, 5 Oct 2007, Colin Percival wrote:> Olli Hauer wrote: >> I am missing the advisory for openssl at ftp://ftp.freebsd.org/CERT/ > > We stopped uploading advisories there because we kept on running into > problems with ftp mirrors being out of date, while have complete control > over the security.freebsd.org webserver and can make sure files are there > before we send out the advisory.Sounds like we should remove this from ftp-master so it stops being replicated, or at least put a note there about it being historic. Any preference on which? It would be easy for me to put a warning and redirection at the top of README or rename CERT to CERT.old. Robert N M Watson Computer Laboratory University of Cambridge
Colin Percival wrote:> Robert Watson wrote: >> On Fri, 5 Oct 2007, Colin Percival wrote: >>>> ftp://ftp.freebsd.org/CERT/ >>> We stopped uploading advisories there because we kept on running into >>> problems with ftp mirrors being out of date, while have complete >>> control over the security.freebsd.org webserver and can make sure >>> files are there before we send out the advisory.OK, that is a good reason. (with ftp it was very easy to get the advisories/patches with a script and wget without filtering icons and index.html files)>> Sounds like we should remove this from ftp-master so it stops being >> replicated, or at least put a note there about it being historic. Any >> preference on which? It would be easy for me to put a warning and >> redirection at the top of README or rename CERT to CERT.old. > All of the old advisories point to ftp.freebsd.org (both as "the latest > revision of this advisory can be found at" and for the patches), so we > should leave the existing files there for the near future at least. Adding > a README pointing people towards security.freebsd.org sounds like the best > option to me.For humans who browse the website it is better to correct the link to CERT at http://security.freebsd.org/ to the new location. <-- snipped from the website http://security.freebsd.org/ -- Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. ......................................................^^^^^^^^ At the time of this writing, the following advisories are currently available (note that this list may be a few days out of date - for the very latest advisories please check the FTP site): .................^^^^^^^^ -- end snipped --> olli