[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] XSA machine readable feeds

On Fri, Dec 15, 2017 at 3:01 AM, Doug Goldstein <cardoe@xxxxxxxxxx> wrote:
> Hello all,
> Looking to see if there is interest from anyone in having machine
> readable feeds for the XSA content (e.g. JSON). I mentioned it on IRC
> but figured I should post this on the ML to get interest and see if
> anyone has strong feelings about a format. I am currently converting the
> HTML index to a JSON file of XSAs and then each XSA to its own JSON file.

FWIW I've been working on a tool to help the security team manage the
complexity of making sure all combinations of the XSAs actually work
before sending them out; we've started including some of the data from
these as ".meta" files attached to XSAs.

At the moment the content is Xen-security-team-focused: It assumes you
have access to our private repository for XSAs and advisories; and the
'recipes' are designed to allow the team to maintain a patch which
will apply to staging-XX without problems.

But it could certainly be designed to work also from json files
provided on the website (or elsewhere), and the 'recipe' could also
include user-focused instructions for how to apply it and/or make sure
it's been applied.

If someone in the community wanted to step up and take a lead on
developing what this looks like, it would probably happen faster. :-)

The tool as it is is here:


It's still very much 'Experimental' -- interface will certainly
change, reliability "here be dragons".


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.