Subject: Re: Current events and free software
From: Stefane Fermigier <sf@fermigier.com>
Date: Wed, 19 Sep 2001 22:47:01 +0200

On Wed, Sep 19, 2001 at 01:43:47PM -0400, Guido van Rossum wrote:
> 
> Think of this: if instead of MS software, everybody was running the
> same open source software.  Would there be fewer vulnerabilities?  I'm
> not so sure.  Our servers were just broken into using an sshd exploit.
> That's open source.  A fix existed.  But there's always the human
> factor of the sysadmin who has to upgrade all servers.

One year ago, I wrote (in Python) the "rpmwatch" utility.

This is a script for the Mandrake distribution that checks if there are any
packages to update for some security reasons and sends an email to a
prescribed person if it is the case.

I personally run it on every one of my servers once a day, in a cron job.

I wrote it one year ago to show MandrakeSoft that it was easy to do, so that
they would include a more involved functionality in their distribution.

It took me about 1 day to write the script, and most of it was spent reverse
engineering the Mandrake update infrastructure, and figuring out the RPM API.

To this date, they haven't done anything to enhance the script (which, in
MandrakeSpeak, means "rewrite it in Perl" :-) and to include it as a standard
feature in their distribution.

The script is available at http://rpmwatch.com/ . It's currently just a proof of
concept, but it works and should be easily extended by anyone wishing to do
so (it's free software, after all). 

I just think that it is a shame that most (if not all) serious distributions
don't include a similar feature or utility.

Cheers,

	S.

BTW: Python rocks, Python 2.2 rocks even harder !

-- 
Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile).
http://nuxeo.com/ & http://portalux.com/ & http://aful.org/
"Amazon: we patent the dot in .com"
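
The kind of daily check described in this message, sketched as an added example: it is not rpmwatch's code, and the package names, versions, advisory ids, host and recipient are constructed. The version comparison is a simplified form of RPM's segment-wise ordering (no tilde or caret handling).

```python
import re
from email.message import EmailMessage
# Constructed sample data: name -> (epoch, version, release) as installed.
INSTALLED = {"openssh": (0, "2.9p2", "1mdk"),
             "apache": (0, "1.3.20", "3mdk"),
             "glibc": (0, "2.2.4", "10mdk")}
# Constructed advisory feed; ids are placeholders, not real advisories.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "name": "openssh", "evr": (0, "2.9.9p2", "1mdk")},
    {"id": "EXAMPLE-ADV-2", "name": "apache", "evr": (0, "1.3.20", "3mdk")},
    {"id": "EXAMPLE-ADV-3", "name": "glibc", "evr": (0, "2.2.4", "9mdk")},
    {"id": "EXAMPLE-ADV-4", "name": "bind", "evr": (0, "9.1.3", "1mdk")},
]

def rpmvercmp(a, b):
    """Simplified RPM-style ordering: compare digit/letter segments in turn."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 9, unlike string order
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare (epoch, version, release): epoch first, then version, release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def pending_updates(installed, advisories):
    """Advisories whose fixed version is newer than the installed package."""
    return [(adv["name"], installed[adv["name"]], adv["evr"], adv["id"])
            for adv in advisories
            if adv["name"] in installed
            and evr_cmp(installed[adv["name"]], adv["evr"]) < 0]

def build_report(host, recipient, pending):
    """Build the notification mail, or None when nothing is pending."""
    if not pending:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = f"updatewatch@{host}", recipient
    msg["Subject"] = f"[{host}] {len(pending)} security update(s) pending"
    msg.set_content("\n".join(
        f"{i}: {n} {h[1]}-{h[2]} -> {w[1]}-{w[2]}" for n, h, w, i in pending))
    return msg   # hand to smtplib.SMTP(...).send_message(msg) from cron
```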