• Inquiry Regarding Data Differences Between JSON File and Webpage

    From YUNHE YANG@21:1/5 to All on Wed Dec 13 20:20:02 2023
    Dear Debian Security Team,

    My name is Yunhe Yang, and I am a Ph.D. student specializing in Computer Security. I am writing to discuss some observations and questions about the data on the Debian security tracker webpage and the downloadable JSON file for local database use.

    In my research, I have been utilizing data from the Debian security tracker, which has been incredibly valuable. However, I have noticed some significant differences between the information available on the webpage and the data provided in the downloadable JSON file:

    Limited Information in JSON: The downloadable JSON file includes only the package name, ID, and a brief description of each vulnerability. In contrast, the webpage provides a much richer data set, including sources, release information, version, fixed version, and status.

    Advantages and Disadvantages: While the webpage's comprehensive source collection is highly beneficial for comparing different descriptions of the same vulnerability, the JSON file's limited information significantly reduces its utility. The absence of crucial details like fixed versions and status in the JSON file makes it less useful than the webpage data.

    Given the importance of detailed and comprehensive data for security research and analysis, I would like to know if there are plans to include more detailed information in the JSON file, similar to what is available on the webpage. This enhancement would greatly aid researchers like myself in conducting thorough and efficient analyses.

    I understand that maintaining and updating security databases requires significant effort, and I appreciate the valuable resources that Debian provides to the community. Any other information or insights you could give would be very helpful. Thank you for your time and consideration. I'm looking forward to any guidance or information you can give me.


    Best Regards,
    Yunhe Yang

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From tomas@tuxteam.de@21:1/5 to YUNHE YANG on Thu Dec 14 08:50:01 2023
    On Wed, Dec 13, 2023 at 07:08:45PM +0000, YUNHE YANG wrote:
    > Dear Debian Security Team,
    >
    > My name is Yunhe Yang, and I am a Ph.D. student specializing in Computer Security. I am writing to discuss some observations and questions about the data on the Debian security tracker webpage and the downloadable JSON file for local database use.
    >
    > [...]

    You mean those, I assume:

    https://security-tracker.debian.org/tracker/
    https://security-tracker.debian.org/tracker/data/json

    I suppose the web page enriches the JSON data with information
    available from other Debian sources.

    That said, this is Debian, so you get the source code for (nearly)
    everything. The security tracker's source seems to be here:

    https://salsa.debian.org/security-tracker-team/security-tracker/

    ...so you can perhaps study how the web page fills in the data
    you are missing in the JSON. And you can contact the authors
    in case of doubt.

    Cheers
    --
    t

  • From Peter Pentchev@21:1/5 to tomas@tuxteam.de on Fri Dec 15 09:10:01 2023
    On Thu, Dec 14, 2023 at 06:51:23AM +0100, tomas@tuxteam.de wrote:
    > On Wed, Dec 13, 2023 at 07:08:45PM +0000, YUNHE YANG wrote:
    >> Dear Debian Security Team,
    >>
    >> My name is Yunhe Yang, and I am a Ph.D. student specializing in Computer Security. I am writing to discuss some observations and questions about the data on the Debian security tracker webpage and the downloadable JSON file for local database use.
    >>
    >> [...]
    >
    > You mean those, I assume:
    >
    > https://security-tracker.debian.org/tracker/
    > https://security-tracker.debian.org/tracker/data/json
    >
    > I suppose the web page enriches the JSON data with information
    > available from other Debian sources.

    OK, now I feel I have to ask the original poster: what parts that
    are available on the webpage are not available in the JSON file?
    From a quick look, it seems to me that the JSON file contains
    a lot of information about Debian releases, fixed versions of
    the packages (when available), and other things also found on
    the webpage.

    > That said, this is Debian, so you get the source code for (nearly) everything. The security tracker's source seems to be here:
    >
    > https://salsa.debian.org/security-tracker-team/security-tracker/
    >
    > ...so you can perhaps study how the web page fills in the data
    > you are missing in the JSON. And you can contact the authors
    > in case of doubt.

    That part is also true.

    G'luck,
    Peter

    --
    Peter Pentchev roam@ringlet.net roam@debian.org pp@storpool.com
    PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
    Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

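Added example, not part of the thread and not the security tracker's own code: a way to check locally which per-release fields (status, fixed version) a downloaded copy of the JSON carries, by flattening it into one row per package, CVE and release. The nesting (package, then CVE id, then `releases`) and the field names `status` and `fixed_version` are assumptions about the file's layout to verify against a real download; the sample data is constructed.

```python
import json

# Constructed sample in the layout assumed here (package -> CVE id -> fields).
# Package names, CVE ids and versions are placeholders, not real tracker data.
SAMPLE = json.loads("""
{
  "examplepkg": {
    "CVE-0000-0001": {
      "description": "constructed description",
      "releases": {
        "bookworm": {"status": "resolved", "fixed_version": "1.2-3+deb12u1"},
        "trixie": {"status": "open"}
      }
    },
    "CVE-0000-0002": {"description": "entry with no release data"}
  },
  "otherpkg": {
    "CVE-0000-0003": {
      "releases": {"trixie": {"status": "resolved", "fixed_version": "2.0-1"}}
    }
  }
}
""")


def flatten(tracker):
    """Yield one (package, cve, release, status, fixed_version) row per release entry."""
    for package, issues in sorted(tracker.items()):
        for cve, info in sorted(issues.items()):
            # Tolerate entries without a "releases" object or without a fixed version.
            for release, rel in sorted(info.get("releases", {}).items()):
                yield (package, cve, release,
                       rel.get("status", "unknown"), rel.get("fixed_version"))


def unfixed(tracker, release):
    """Return (package, cve) pairs not marked resolved in the given release."""
    return [(p, c) for p, c, r, status, _ in flatten(tracker)
            if r == release and status != "resolved"]


if __name__ == "__main__":
    # To inspect a real download instead: tracker = json.load(open("json"))
    for row in flatten(SAMPLE):
        print(*row, sep="\t")
    print("unfixed in trixie:", unfixed(SAMPLE, "trixie"))
```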