Inquiry Regarding Data Differences Between JSON File and Webpage

YUNHE YANG

Dec 13, 2023, 2:20:04 PM
Dear Debian Security Team,

My name is Yunhe Yang, and I am a Ph.D. student specializing in Computer Security. I am writing to discuss some observations and questions about the data on the Debian security tracker webpage and the downloadable JSON file for local database use.

In my research, I have been utilizing data from the Debian security tracker, which has been incredibly valuable. However, I have noticed some significant differences between the information available on the webpage and the data provided in the downloadable JSON file:

Limited Information in JSON: The downloadable JSON file includes only the package name, ID, and a brief description of each vulnerability. In contrast, the webpage provides a much richer data set, including sources, release information, version, fixed version, and status.

Advantages and Disadvantages: While the webpage's comprehensive source collection is highly beneficial for comparing different descriptions of the same vulnerability, the JSON file's limited information significantly reduces its utility. The absence of crucial details like fixed versions and status in the JSON file makes it less useful than the webpage data.

Given the importance of detailed and comprehensive data for security research and analysis, I would like to know if there are plans to include more detailed information in the JSON file, similar to what is available on the webpage. This enhancement would greatly aid researchers like myself in conducting thorough and efficient analyses.

I understand that maintaining and updating security databases requires significant effort, and I appreciate the valuable resources that Debian provides to the community. Any other information or insights you could give would be very helpful. Thank you for your time and consideration. I'm looking forward to any guidance or information you can give me.


Best Regards,
Yunhe Yang

to...@tuxteam.de

Dec 14, 2023, 2:50:03 AM
On Wed, Dec 13, 2023 at 07:08:45PM +0000, YUNHE YANG wrote:
> Dear Debian Security Team,
>
> My name is Yunhe Yang, and I am a Ph.D. student specializing in Computer Security. I am writing to discuss some observations and questions about the data on the Debian security tracker webpage and the downloadable JSON file for local database use.

[...]

You mean those, I assume:

https://security-tracker.debian.org/tracker/
https://security-tracker.debian.org/tracker/data/json

I suppose the web page enriches the JSON data with information
available from other Debian sources.

That said, this is Debian, so you get the source code for (nearly)
everything. The security tracker's source seems to be here:

https://salsa.debian.org/security-tracker-team/security-tracker/

...so you can perhaps study how the web page fills in the data
you are missing in the JSON. And you can contact the authors
in case of doubt.

Cheers
--
t

Peter Pentchev

Dec 15, 2023, 3:10:03 AM
On Thu, Dec 14, 2023 at 06:51:23AM +0100, to...@tuxteam.de wrote:
> On Wed, Dec 13, 2023 at 07:08:45PM +0000, YUNHE YANG wrote:
> > Dear Debian Security Team,
> >
> > My name is Yunhe Yang, and I am a Ph.D. student specializing in Computer Security. I am writing to discuss some observations and questions about the data on the Debian security tracker webpage and the downloadable JSON file for local database use.
>
> [...]
>
> You mean those, I assume:
>
> https://security-tracker.debian.org/tracker/
> https://security-tracker.debian.org/tracker/data/json
>
> I suppose the web page enriches the JSON data with information
> available from other Debian sources.

OK, now I feel I have to ask the original poster: what parts that
are available on the webpage are not available in the JSON file?
From a quick look, it seems to me that the JSON file contains
a lot of information about Debian releases, fixed versions of
the packages (when available), and other things also found on
the webpage.

> That said, this is Debian, so you get the source code for (nearly)
> everything. The security tracker's source seems to be here:
>
> https://salsa.debian.org/security-tracker-team/security-tracker/
>
> ...so you can perhaps study how the web page fills in the data
> you are missing in the JSON. And you can contact the authors
> in case of doubt.

That part is also true.

G'luck,
Peter

--
Peter Pentchev ro...@ringlet.net ro...@debian.org p...@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
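
One way to settle which fields the JSON export carries is to flatten it and list the keys found under each release. This is an added example, not part of the thread and not the security tracker's own code; the nested layout (package, then CVE id, then `releases` with `status`, `fixed_version` and `urgency`) is an assumption about the export, and the sample entries and ids are constructed.

```python
import json

# Constructed sample in the layout ASSUMED for the tracker's JSON export:
# package -> CVE id -> {description, releases -> {release -> fields}}
SAMPLE = json.loads("""
{
  "examplepkg": {
    "CVE-0000-0001": {
      "description": "Constructed entry, fixed in one release only.",
      "releases": {
        "bookworm": {"status": "resolved", "fixed_version": "1.2-3", "urgency": "low"},
        "bullseye": {"status": "open", "urgency": "low"}
      }
    },
    "CVE-0000-0002": {"description": "Constructed entry with no release data."}
  }
}
""")

def flatten(tracker):
    """Yield (package, cve, release, status, fixed_version) rows."""
    for package, issues in sorted(tracker.items()):
        for cve, issue in sorted(issues.items()):
            releases = issue.get("releases") or {}
            if not releases:
                # Keep the issue visible instead of silently dropping it.
                yield (package, cve, None, "no-release-data", None)
                continue
            for release, info in sorted(releases.items()):
                yield (package, cve, release,
                       info.get("status", "unknown"),
                       info.get("fixed_version"))  # None when not fixed yet

def release_fields(tracker):
    """Return the sorted set of per-release keys present in the data."""
    keys = set()
    for issues in tracker.values():
        for issue in issues.values():
            for info in (issue.get("releases") or {}).values():
                keys.update(info)
    return sorted(keys)

def unfixed(tracker, release):
    """List (package, cve) pairs not marked resolved in one release."""
    return [(p, c) for p, c, r, status, _ in flatten(tracker)
            if r == release and status != "resolved"]

if __name__ == "__main__":
    print(release_fields(SAMPLE))
    for row in flatten(SAMPLE):
        print(row)
```

To run it against a downloaded copy of the export, replace `SAMPLE` with `json.load()` on the saved file and compare the output of `release_fields` with the columns shown on the webpage.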