[This was originally posted on the OSVDB blog.]
I recently made a post titled Mail List Archives 101 (or why SF hates VDBs) commenting about the restructure of the SecurityFocus mail list archive. In short, it’s a bad thing. Unfortunately for many people, especially vulnerability databases, this is happening more and more, on various sites. Instead of an isolated event and one blog entry, now it seems I may want to start keeping a list. This time, welcome Mandriva Linux to the list.
Up until Apr 6, 2005, Mandrake Software used a standard URL for accessing advisories, which now gives a 404 of sorts:
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:072
Sometime on or around Apr 6, 2005, Mandrake Software became Mandriva, and offered the advisories on a new URL:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:122
Checking that URL now will redirect you to the generic advisory page:
http://frontal2.mandriva.com/security/advisories
Now, new Mandriva advisories are distributed with a URL like this:
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:204
Databases that have been referencing MDKSA advisories the past five or more years are now left with several hundred links that 404 or redirect to the main security advisory page (more recently). Not a good move Mandriva/Mandrake. Since the advisory ID remains the same, the least you could have done is set up more friendly redirects for the old advisories/domains. Jerks.