skip to the content

back to the top

Introduction

dsafilter is a mail filter for Debian Security Advisories (DSAs). Given a DSA, it will indicate the following in the subject:

  1. the validity of the DSA's GPG signature
  2. whether or not the DSA is applicable to the current machine
  3. the current machine's hostname

Example subject-lines

[dsafilter] DSA/864-1 ruby1.8 on anubis of interest
[dsafilter] DSA/856-1 py2play on anubis does not apply
[dsafilter] DSA/864-1 attached (signature failure)

It will also indicate for which binary packages the DSA is applicable to in the message body. An example: 

The following installed packages are possibly affected by the attached DSA:
        libreadline-ruby1.8
        ruby1.8-examples
        ri1.8
        ruby1.8
        libruby1.8
        rdoc1.8
        irb1.8

Combined with a general-purpose mail filter (such as procmail or rubyfilter), you can weed out DSA mails which do not apply to you, or forward the ones that do to fellow sysadmins.

Future goals

Eventually, dsafilter will generate a mail for each of your computers that the DSA is applicable to, so I can use the emails as a TODO-list, deleting each DSA as the corresponding machine is upgraded.

More immediate goals include:

download

darcs repository: http://alcopop.org/code/dsafilter/darcs/.

requirements

dsafilter is written using ruby and requires ruby1.8 and the rubymail library (debian package librmail-ruby1.8).

Presently, this version relies on GnuPG being installed, the gpg binary being in the $PATH variable, and the public key used to sign genuine DSAs (available in package debian-keyring) imported into the user's GPG keyring.

Comments

Comments, suggestions, test-cases, patches, documentation etc. to jon@alcopop.org please. The filter has been developed entirely with my own needs in mind so far, but I am very willing to help move it towards being more generally useful.

Those interested may view a graph of the CVS tree (a bit old).