[This was originally posted on the OSVDB blog.]
I recently made a post titled Mail List Archives 101 (or why SF hates VDBs) commenting about the restructure of the SecurityFocus mail list archive. In short, it’s a bad thing. Unfortunately for many people, especially vulnerability databases, this is happening more and more, on various sites. Instead of an isolated event and one blog entry, now it seems I may want to start keeping a list. This time, welcome Mandriva Linux to the list.
Up until Apr 6, 2005, Mandrake Software used a standard URL for accessing advisories, which now gives a 404 of sorts:
Sometime on or around Apr 6, 2005, Mandrake Software became Mandriva, and offered the advisories on a new URL:
Checking that URL now will redirect you to the generic advisory page:
Now, new Mandriva advisories are distributed with a URL like this:
Databases that have been referencing MDKSA advisories the past five or more years are now left with several hundred links that 404 or redirect to the main security advisory page (more recently). Not a good move Mandriva/Mandrake. Since the advisory ID remains the same, the least you could have done is set up more friendly redirects for the old advisories/domains. Jerks.