On Thu, Dec 14, 2023 at 06:51:23AM +0100,
to...@tuxteam.de wrote:
> On Wed, Dec 13, 2023 at 07:08:45PM +0000, YUNHE YANG wrote:
> > Dear Debian Security Team,
> >
> > My name is Yunhe Yang, and I am a Ph.D. student specializing in Computer Security. I am writing to discuss some observations and questions about the data on the Debian security tracker webpage and the downloadable JSON file for local database use.
>
> [...]
>
> You mean those, I assume:
>
>
https://security-tracker.debian.org/tracker/
>
https://security-tracker.debian.org/tracker/data/json
>
> I suppose the web page enriches the JSON data with information
> available from other Debian sources.
OK, now I feel I have to ask the original poster: what parts that
are available on the webpage are not available in the JSON file?
From a quick look, it seems to me that the JSON file contains
a lot of information about Debian releases, fixed versions of
the packages (when available), and other things also found on
the webpage.
> That said, this is Debian, so you get the source code for (nearly)
> everything. The security tracker's source seems to be here:
>
>
https://salsa.debian.org/security-tracker-team/security-tracker/
>
> ...so you can perhaps study how the web page fills in the data
> you are missing in the JSON. And you can contact the authors
> in case of doubt.
That part is also true.
G'luck,
Peter
--
Peter Pentchev
ro...@ringlet.net ro...@debian.org p...@storpool.com
PGP key:
http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13