Dear All, I had an idea for a utility to make it easier to check a system is up-to-date with patches. I assumed that someone else must have had the idea already, but I couldn't find it on the web so I wrote the utility myself. For this utility to work it needs someone (and I think that someone really needs to be SuSE) to maintain a machine-readable list of packages known to have security holes. All the utility does is reads such a list and then reports any vulnerable packages it finds on the system. So you would use it something like wget -O - ftp://ftp.suse.com/vulnerabilities.txt | scanrpm The vulnerability file should contain lines like openssh VERSION=8.3.0p2 RELEASE=98 where the uppercase keywords correspond to rpm query tags. Do people think this is useful? If so, are SuSE willing to take it on? Of course, the utility would be useful for bad guys as well as good guys, but we are used to that. Current version of the scanrpm utility can be found at http://www.cs.rhul.ac.uk/home/bobv/utils/scanrpm Nothing in the utility is SuSE-specific, but I guess the database would be. Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691