difference between RHEL3 ES Taroon update 4 and update 5

Dag Wieers dag at wieers.com
Fri Mar 10 12:06:03 UTC 2006 

On Thu, 9 Mar 2006, Nick Sotterwood wrote:

> I got the list But I will need the package versions of
> the updated packages. How can I get them. I dont want
> to Upgrade from Taroon update 4 to 5 but I need to
> deploy a product on 5 which is already working on
> Update 4. So I will need the specifications.

Hi Jay,

I'm working on a tool that allows exactly what you want. But 
unfortunately it is not finished. It creates a database of all the RHSA 
(security), RHBA (bugfixes) and RHEA (enhancements) and allows you to 
query it in all different ways.

In your case that would be:

	give me all new packages since <date> that have product name 3ES

but then in SQL :)

What currently works is:

	- scrap the RHN website for all the latest RHSAs and create XML advisories (aerrate)
	- create the database from XML advisories (sarahdb)
	- report general database stats (sarahinfo)
	- perform custom queries (sarahsql)

What currently is in progress:

	- scrap RHBAs and RHEAs (aerrate)
	- create default reports (sarahrep)
		- verify a system's packages against this database
		- send out security reports in different formats
			- for management
			- for customers (prior to maintenance)
			- for security-team
		- the one you requested
	- hooks to integrate Sarah into other tools/backends

The project is called SARAH and is found at:

	http://dag.wieers.com/home-made/sarah/

I am currently waiting for Red Hat to releases the advisories in XML 
format (which would make aerrate obsolete and bring RHBAs and RHEAs into 
the picture).

The information that is currently stored inside the database:

	Advisory table (adv): contains the advisories and its characteristics

		advid, pushcount, severitylevel, issuedate, updatedate, 
		type, synopsis, description, topic, keywords, rhgroup, obsoletes

	Reference table (ref): contains the references to project bugzillas, CVE and other sources

		advid, reftype, reference, id, summary

	RPM package table (rpm): contains the individual packages that relate to advisories

		advid, prodshort, arch, filename, md5

	Product table (pro): contains the different product names

		prodshort, product

As you see, having this information at your disposal allows to integrate 
it into whatever process that is being used inside organisations.

I need some people willing to test and give feedback in order to drive 
development. So if you (or your organisation) has a need for something 
like this, your help will help to get there :)

Kind regards,
--   dag wieers,  dag at wieers.com,  http://dag.wieers.com/   --
[all I want is a warm bed and a kind word and unlimited power]

More information about the redhat-list mailing list