Hi Guido Much appreciated you looked at the patchset!
On Wed, Dec 27, 2017 at 09:14:52PM +0100, Guido Günther wrote: > Hi, > On Wed, Dec 27, 2017 at 08:42:49PM +0100, Salvatore Bonaccorso wrote: > > This *preliminary* patchset for review is for the changes needed after > > we would switch from alioth to salsa for the secure-testing repository. > > While needing to do the svn to git conversion the opportunity was taken > > to rename the repository to security-tracker as the naming > > secure-testing was for historical reason when the testing security > > support arised. > > This looks good! I applied your patches to my checkout I found some more > svn references in > > * tracker 'latest_revision' method Jupp that was what I mean that I need here some insights from a LTS member and how the script functions. > * website/uploading.html That was intentional, because the uploading.html is mostly for historic reference there when the secure-testing project arised. It is about DTSA. We can change that but I though we could leave that site as it is. > * doc/soriano.txt (which needs to match what we do in > security-tracker-service I guess) Yes that is pending, I waited for that part before security-tracker-service are sorted out, so that the documentation then can mirror how it's now then actually set up on soriano. > * the security-tracker-service repo have that already :). But I'm unahappy with my current versions, thus I have not sent those yet. Basically: I'm struggling with a proper replacement of such constructs: cd /srv/security-tracker.debian.org/website/secure-testing/data && svn update && ../bin/update && svn commit -qm "automatic update" CVE && cd CVE && ../../bin/bts-update list > Should we create WiP/git-migration branches in the secure-testing and > security-tracker-service repos so others can send in pull requests? > > We could rebase the branch in the secure-testing repo from time to time > so catch up with the changes in the svn repo. Give me a bit of time to think about it. My intention was to not clutter now what we have on salsa as mirror and constantly push updates there. And once we go live, add the Debian group as allowed to push, and block the original svn repository. I would like to avoid that people already start pushing to the git repository directly. Or do you mean to still create the branches on the git repo on salsa (accessible readonly, so that people can contribute based on that, rather based on patch for pull requests? As said, I would like to not operate directly on the git repo until the switch to not cause problems. Our live instance is currently still the svn repo). I would expect we solve the open problems soonish enough so we can do the switch. That is: 1/ desire of commit mailinglist 2/ how to do the updates with the sectracker role account specific to some files (e.g. automatic updates, data/CVE/list update, dsa canditate finding). Thanks a lot for your contribution Guido! Salvatore
