On Sun, Jan 31, 2021 at 10:39:05AM -0600, Bruce Dubbs via blfs-dev wrote:
> On 1/31/21 7:57 AM, Ken Moffat via blfs-dev wrote:
>
> > Current links:
>
> > 2. The revised details for 10.0 are at
> > http://www.linuxfromscratch.org/blfs/advisories/10.0.html with short
> > summaries of the issue / what to do, and links to fuller details on
> > the consolidated page.
>
> I have not been following this closely but I took a look today. I have a
> question and a suggestion.
>
> The entries have numbers associated with them like:
>
> OpenSSL (LFS)
>
> 10.0-005
>
> A high severity vulnerability was found in OpenSSL. To fix this, update to
> OpenSSL-1.1.1i or later. 10.0-999
> ------
>
> What is the significance of the -005 above? I suppose that the 10.0 refers
> to BLFS-10.0, but that should probably be explicit. Slightly more
> explanation of the layout will help first time viewers.
>

In that case, the 005 should be 999 (out of sequence, to be at the
top of the consolidated page for 'experimental'). The 10.0-999 is
for the link from the advisories/10.0.html page. Missing some of
the items I should have changed is inevitable with me doing this.
Apologies.

If this goes in before we release 10.0, the links at the top of the
consolidated page will start 10.1 within a few days of the release,
and be followed by 10.0 items further down the page.

The main heading in 10.0.html says these are for BLFS 10.0 and the
current development book. I think it should be easy enough to
understand, people just need to get used to the change. And maybe
the second sentence in the italic part at the top of 10.0.html
should be more prominent? Put both sentences in normal text, and
put the second in a separate paragraph?

> Also a suggestion: For each entry, preface it with the date the entry was
> added to the page. For instance:
>
> [2021-01-31] A high severity vulnerability...
>
>   -- Bruce

I put the effective date in the text on the consolidated page. Once
the 10.0 page gets up to date there will be around 60 or 70 items
(at the moment) and reducing what is there will make it easier to
read.

My theory is that if someone is reasonably up to date in their
packages, and does not build everything, they only need to look at
the newest entries in 'consolidated', or the packages they care
about in the current (10.0) page.

At the moment our BLFS errata may mention severities but in plain
text without emphasis, and only mentioning the latest.

Perhaps add

Date: xxxx Severity: Critical/High/Uncertain

in the header on the *consolidated* page? And I suppose on the
header in 10.0.html. Of the items currently there, I think only that
for Samba is Critical.

For date format separators, I've used '/': does that look odd in
CCMM-YY-DD formats? I can change it before I go too far.

ĸen
-- 
The right of the people to keep and arm Bears, shall not be infringed.