[Demi-devel] Initial Demi release

John Morrissey jwm at horde.net
Tue Dec 20 15:40:57 UTC 2005


On Sat, Dec 17, 2005 at 10:43:25AM +0100, Leo Eraly wrote:
> On Fri, Dec 16, 2005 at 01:19:54PM -0500, John Morrissey wrote:
> > I've committed the initial public release of Demi, which has been
> > graciously sponsored by my employer, Citizens Communications. Code is
> > available from:
> > 
> > svn://svn.debian.org/demi
> 
> Your project looks nice!

Thank you!

> As I'm reading your code I have a few questions to make sure
> I understand the code/flow correctly.
> Can you confirm or correct these?
> 
> -You get the RSS feed of the DSAs, you parse it and put it in a table

Yup. The biggest problem is that the RSS feed only contains so much history.
It would be nice to have a machine-readable list of DSAs going back for a
longer period of time. Otherwise, new installations won't have very much DSA
history, so older DSAs will go unreported.

Additionally, the RSS feed doesn't contain which version(s) are fixed. The
only way I've come up with is to screen scrape the HTML from d.o/security/.
Currently, Demi assumes the latest available version fixes the DSA, which
isn't always the case. As a result, some DSAs may be reported that aren't
applicable, since the installed version of the package already fixes them.

> -Every machine runs an agent which reads a command file somewhere local,
>  executes these commands and writes the results in a -results file
> -These command and results files are pushed and pulled via scp

Yes, and yes. Eventually, it might be nice for agents to push the results
back to the server as soon as the command completes, so the result would
be immediately available.

> -List of current packages on remote machine is obtained via `cat` over
>  ssh

Yup. It might be useful to only transfer /var/lib/dpkg/status if its md5sum
has changed, to save bandwidth.

> -(Some) Commands are written in a table, is this only for logging
>  purposes?

Pretty much. It also tells the server which commands are still pending on
each agent, so it knows which result files to scp. Only pushed commands are
logged - the scp/ssh operations themselves from the server don't get logged.

> -Correlation and overview of machines that are not up to date is done in
>  overview.py
> -All update- and process- commands are currently run via cron

Yup.

john
-- 
John Morrissey          _o            /\         ----  __o
jwm at horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__


