On Thu, January 24, 2008 23:56, Moritz Muehlenhoff wrote: > The solution would be a script, which is subscribed to d-s-a, transforms > the advisory mails and auto-commits them. If a transformation error is > detected, a note can be sent to [EMAIL PROTECTED] and fixed manually.
We are going to change the format of the mails anyway when Sarge is EOL, which happens in 10 weeks: at that point we can drop the MD5 sums from the emails, making it also unnecessary for the web version to link to the mailinglist mail as we have to do now. Would it be an idea to implement the changes at that time? The format changes anyway, so it seems like a good time to implement a good parsing script. I'm willing to do that and make it autocommit things if they can be correctly parsed. A whole different stragegy would be to base ourselves on the tracker, however, that doesn't currently have all relevant information (most prominently the freeform description of the vulnerability). On the other hand the tracker has all other relevant info (package name, "subject" description of problem, versions for different suites, CVE-ids) in a structured form. We could turn it around and make the website source its information there, and find a way to add things that are currently missing to the tracker. One can imagine this setup: * The list on the front page is just as it is now, and generated from the tracker; * The per-item page is also generated from the tracker and includes CVE id's, fixed versions and an auto-generated link to the mailinglist archives with the full text of the DSA. This would make the web versions more "basic" but with the key data, and those looking for more detail can be referred to the archived mail. In the mean time, I'll make sure that our backlog is caught up by tomorrow so we don't confuse users while discussing this. Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
