
I've thought about building a tool to scrape all of these Linux distro-specific package changes and bug reports into a common place. It's always seemed weird to me that critical security patches are managed in obscure repos, bug trackers, internal build systems.

I don't mean every open source project needs to use GitHub but some of these home grown tools are just really hard to use. The PHP bug tracker's main page doesn't even have a link to view 8.1 or 8.2 bugs but has one for 7.2.




Last time I raised this I was told to subscribe to Red Hat's notifications.

Now I get 10+ emails a day related to some OpenShift module I've never heard of, and the one thing I know for sure is that if a CVSS 10.0 comes out in nginx I'll completely miss it in the noise.


For the security part at least, there are a few efforts to combine all the errata in one place, for example https://osv.dev/list?ecosystem=Rocky+Linux


repology.org already scrapes all the versions, so it would be good to add bugs and patches there too. The service is open source too.



