Re: Switching the tracker to git
On Sun, Sep 14, 2014 at 07:06:46PM -0400, micah wrote:
> My guess is that the only reason that subversion is still used is
> inertia and that people would be happier with git. However, I'm curious
> to know if anyone thinks otherwise?

In my experience Git also takes more time per commit if we are talking about making branches and/or pull requests. What would be the actual benefits of moving to Git and I'm not talking about some minor speed improvements.

Please also note that there are hooks in SVN currently and I'm not sure if those can be migrated to Git. I'm more than happy to discuss this case in detail and even help to implement it if/when the team starts to move in that direction.

---
Henri Salo

--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140915053315.ga19...@kludge.henri.nerv.fi
Re: Switching the tracker to git
Hi Micah,

On Sun, Sep 14, 2014 at 07:06:46PM -0400, micah wrote:
>
> Hello,
>
> As it stands now, the security tracker is using subversion.
>
> Here are the facts as far as I can tell:
>
> . people doing work on the tracker are using svn to commit
> . h01ger is doing a regular git-svn import of the tracker repository
> . there is a regular cron job run by joeyh that does the automatic updates:
>   joeyh r28744 data/CVE/list * automatic update
> . the web interface probably has some automated process to pull the
>   latest updates over svn
>
> My guess is that the only reason that subversion is still used is
> inertia and that people would be happier with git. However, I'm curious
> to know if anyone thinks otherwise?
>
> I don't exactly have the time right now to volunteer for changing
> things, but I thought that the first step would be to see what people
> thought, and then maybe if it was clear what people's preferences were,
> perhaps someone might volunteer!

Yep basically it was the following: We discussed this at the security team meeting and were agreeing on switching to git but it is not moving forward due to lack of time and volunteers. But also it is not only the repository but some components around which need to be considered, as you pointed out above.

When converting the svn repository to git also an author name list needs to be created just before making the move[1]. I was involved in such a project for the Debian Perl Group svn to git conversion moving ~2000 packages in one svn repo to git. It is simpler here! :). Just after the security team meeting I did an unofficial PoC for this, so can confirm this works. We had a little amount of discussion about this, but unfortunately part of it happened on the team alias email, so was not public. I never went further ahead.

[1] http://git-scm.com/book/en/Git-and-Other-Systems-Migrating-to-Git

http://anonscm.debian.org/cgit/collab-maint/secure-testing.git/.git/ is a start, but the repository needs to be properly converted by generating an svn author list.

joeyh's cronjob needs to be moved to the role account which we have now already. Raphael Geisert requested it.

The setup on soler (the security-tracker.d.o hosting host) will also need adjustment to the conversion before we would go live (cronjobs, checkouts triggered by commit mails, ...). The setup there relies on the svn checkout right now, it is documented in the soler.txt file in the repository.

SVN hooks need to be converted. E.g. the one which does some sanity check as precommit.

One other point we wanted to do (see the minutes from the meeting, should be documented there) in one go was to rename the project from secure-testing to something else, since it is long already not about secure-testing. But this probably could be split. I have asked the alioth admins how easily we could rename an existing project to something else, but have not got a reply on this.

Ah yes there is also https://contributors.debian.org/source/Debian%20Security%20Tracker :)

It is in my pov good to move to git. There are some aspects which need to be considered before the move, as we absolutely need to have a working security-tracker instance for the security team's work. Work was relatively hard and stalled in some parts when alioth went down as an example.

Regards,
Salvatore

Archive: https://lists.debian.org/20140915051518.ga26...@lorien.valinor.li
Re: Switching the tracker to git
On Sun, Sep 14, 2014 at 7:06 PM, micah wrote:
>
> Hello,
>
> As it stands now, the security tracker is using subversion.
>
> Here are the facts as far as I can tell:
>
> . people doing work on the tracker are using svn to commit
> . h01ger is doing a regular git-svn import of the tracker repository
> . there is a regular cron job run by joeyh that does the automatic updates:
>   joeyh r28744 data/CVE/list * automatic update
> . the web interface probably has some automated process to pull the
>   latest updates over svn
>
> My guess is that the only reason that subversion is still used is
> inertia and that people would be happier with git. However, I'm curious
> to know if anyone thinks otherwise?

There has been discussion of switching to git for a while now. Last security team meeting it was decided to stay with svn since no one volunteered to lead conversion to git. So if someone volunteered for that, it could happen.

Best wishes,
Mike

Archive: https://lists.debian.org/CANTw=MNWp8WeL8ScC5Ai7r+kn0e_v=tles0yebfexctqnn2...@mail.gmail.com
Processed: pending
Processing commands for cont...@bugs.debian.org:

> tags 742855 + pending
Bug #742855 [security-tracker] security-tracker: tabular view should always be by release order
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
742855: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742855
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Archive: https://lists.debian.org/handler.s.c.14107393227767.transcr...@bugs.debian.org
Bug#742855: Sort releases correctly in tabular view. (Closes: #742855)
Hi Salvatore,

On Saturday, 13 September 2014, Salvatore Bonaccorso wrote:
> I tested the patch in my local instance.

yeah, it's clearly the wrong patch, I attached, sorry.

> libspring-java as by now, might change in future, shows right now:
> This should be ordered (and for future releases):
>
> Bug | wheezy | jessie | sid| Description

the instance here does so, and it also orders them within releases by '', 'security', 'lts' :)

And that's the patch posted for #742382, which I've attached for clarity.

Regarding the patch I accidentally sent to this bug:

> I tested the patch in my local instance. It does sort now the CVEs in
> descending order, which was not what I meant. We had so far the oldest
> CVEs on top which this patch would change.

I think this should still be done, newer stuff is usually more interesting (so here) and should thus be displayed on top. The reasoning "because it has been like this since always" is not so convincing.

cheers,
Holger

From 808d4d51b67cf8a756c3bfbd290c2ade2d8a Mon Sep 17 00:00:00 2001 From: Holger Levsen Date: Sat, 13 Sep 2014 01:47:11 +0200 Subject: [PATCH] Display oldstable/stable security and olstable-lts repositories in tabular view. (Closes: #742382) --- bin/tracker_service.py| 13 ++--- lib/python/security_db.py | 19 +-- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/bin/tracker_service.py b/bin/tracker_service.py index fb3fd27..48ad599 100644 --- a/bin/tracker_service.py +++ b/bin/tracker_service.py 
@@ -545,19 +545,18 @@ to improve our documentation and procedures, so feedback is welcome.""")])]) pkg = path[0] def gen_versions(): -for (releases, version) in self.db.getSourcePackageVersions( -self.db.cursor(), pkg): -yield ', '.join(releases), version +for (release, version) in self.db.getSourcePackageVersions( +self.db.cursor(), pkg): +yield release, version def gen_bug_list(lst): for (bug, description) in lst: yield self.make_xref(url, bug), description suites = () -for (releases, version) in self.db.getSourcePackageVersions( +for (release, version) in self.db.getSourcePackageVersions( self.db.cursor(), pkg): -for r in releases: -if r not in suites: -suites = suites + (r,) +if release not in suites: +suites = suites + (release,) def gen_summary(bugs): for (bug, description) in bugs: diff --git a/lib/python/security_db.py b/lib/python/security_db.py index 8831079..8316ef9 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -432,6 +432,14 @@ class DB: return -1 self.db.createscalarfunction("release_to_number", release_to_number, 1) +subreleases = ['', 'security', 'lts'] +def subrelease_to_number(u): +try: +return subreleases.index(u) +except ValueError: +return -1 +self.db.createscalarfunction("subrelease_to_number", subrelease_to_number, 1) + def release_name(release, subrelease, archive): if archive <> 'main': release = release + '/' + archive 
@@ -1566,14 +1574,13 @@ class DB: """A generator which returns tuples (RELEASE-LIST, VERSION), the available versions of the source package pkg.""" -for (releases, version) in cursor.execute( -"""SELECT string_list(release) AS releases, version -FROM (SELECT release, version FROM source_packages +for (release, version) in cursor.execute( +"""SELECT release_name(release, subrelease, archive) +AS release, version FROM source_packages WHERE name = ? AND release IN ('squeeze', 'wheezy', 'jessie', 'sid') -ORDER BY release_to_number(release)) -GROUP BY version""", (pkg,)): -yield releases.split(', '), version +ORDER BY release_to_number(release), subrelease_to_number(subrelease)""", (pkg,)): +yield release, version def getBinaryPackageVersions(self, cursor, pkg): """A generator which returns tuples (RELEASE-LIST, -- 1.9.1 signature.asc Description: This is a digitally signed message part.
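Review bot: In the lib/python/security_db.py hunk at -432, subrelease_to_number returns -1 for any subrelease that is not in ['', 'security', 'lts'], so in the new ORDER BY an unknown subrelease sorts ahead of the base release, which has index 0. Returning len(subreleases) in the ValueError branch would put unknown entries last within a release; if -1 is kept to mirror release_to_number, a one-line comment saying so would help.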
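Review bot: In getSourcePackageVersions (lib/python/security_db.py, hunk at -1566) the docstring still promises tuples (RELEASE-LIST, VERSION), but the generator now yields a single release_name string per row and the GROUP BY version is gone, so a version present in several releases comes back once per release. Please update the docstring to match, and confirm that no other caller still iterates the first element as a list, since iterating a string would silently walk its characters.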
Bug#611163: nice css: let there be patches...
Hi, See attached or branch html5+external_css from ssh://git.debian.org/git/collab-maint/secure-testing.git These patches turn the html into html5 and introduce a modern, slick css style inspired from tracker.d.o - enjoy! :) & Feedback welcome! cheers & thanks to Ulrike for the nice work! Holger From 1317d0e6a710195c3012f6b84afeebddfddfde20 Mon Sep 17 00:00:00 2001 From: Holger Levsen Date: Sun, 14 Sep 2014 22:36:54 +0200 Subject: [PATCH 1/4] tracker_service.py: add support for external css files --- bin/tracker_service.css | 0 bin/tracker_service.py| 11 +-- lib/python/web_support.py | 6 +++--- 3 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 bin/tracker_service.css diff --git a/bin/tracker_service.css b/bin/tracker_service.css new file mode 100644 index 000..e69de29 diff --git a/bin/tracker_service.py b/bin/tracker_service.py index bb1411a..79662b0 100644 --- a/bin/tracker_service.py +++ b/bin/tracker_service.py @@ -160,6 +160,13 @@ function onSearch(query) { self.register('data/pts/1', self.page_data_pts) self.register('debsecan/**', self.page_debsecan) self.register('data/report', self.page_report) +self.register('style.css', self.page_style_css) + +def page_style_css(self, path, params, url): +f=open('tracker_service.css', 'r') + content=f.read() + f.close() +return BinaryResult(content,'text/css') def page_home(self, path, params, url): query = params.get('query', ('',))[0] @@ -1198,13 +1205,13 @@ Debian bug number.'''), data.append(':') data.append(str(bugs)) data.append('\n') -return BinaryResult(''.join(data)) +return BinaryResult(''.join(data),'application/octet-stream') def page_debsecan(self, path, params, url): obj = '/'.join(path) data = self.db.getDebsecan(obj) if data: -return BinaryResult(data) +return BinaryResult(data,'application/octet-stream') else: return self.create_page( url, "Object not found", diff --git a/lib/python/web_support.py b/lib/python/web_support.py index 3c3ab99..e8b055c 100644 --- a/lib/python/web_support.py 
+++ b/lib/python/web_support.py @@ -620,7 +620,7 @@ class RedirectResult(Result): class HTMLResult(Result): """An object of this class combines a status code with HTML contents.""" -def __init__(self, contents, status=200, doctype=''): +def __init__(self, contents, doctype='', status=200): self.contents = contents self.status = status self.doctype = doctype @@ -649,8 +649,8 @@ class HTMLResult(Result): class BinaryResult(Result): """An object of this class combines a status code with HTML contents.""" -def __init__(self, contents, status=200, - mimetype='application/octet-stream'): +def __init__(self, contents, + mimetype='application/octet-stream', status=200): self.contents = contents self.status = status self.mimetype = mimetype -- 1.9.1 From d172f236441c888a3e47a40363d4b1f283709a98 Mon Sep 17 00:00:00 2001 From: u451f Date: Sun, 14 Sep 2014 22:43:06 +0200 Subject: [PATCH 2/4] use modern html5 css. switch to external stylesheet. --- bin/tracker_service.css | 133 ++ bin/tracker_service.py| 55 --- lib/python/web_support.py | 12 - 3 files changed, 164 insertions(+), 36 deletions(-) diff --git a/bin/tracker_service.css b/bin/tracker_service.css index e69de29..0e02a61 100644 --- a/bin/tracker_service.css +++ b/bin/tracker_service.css 
@@ -0,0 +1,133 @@ +html { + font-size: 100%; + -webkit-text-size-adjust: 100%; +-ms-text-size-adjust:100%; +} + +body { + width: 90%; + max-width: 1200px; + margin: 2em auto 1em; + font-family: "Helvetica Neue",Helvetica,Arial,sans-serif; + font-size: 14px; + line-height: 20px; + color: #33; +} + +header { + border-bottom: 1px solid crimson; + margin-bottom: 2em; +} + +a { + color:#0088cc; + text-decoration:none; +} + +a:hover, a:focus { + color:#005580; + text-decoration:underline; +} + +ul, li { + list-style: none; +} + +ul, ol { + padding-left: 0; +} + +h1 { + font-size : 250%; + padding: 0; + margin: 0; + line-height: 1.4em; +} + +h2 { + font-size : 110%; + background: crimson; + margin: 1em 0 0; + padding: 0.5em; + color: #fff; + border-top-left-radius: 0.5em; + border-top-right-radius: 0.5em; +} + +h3 { + font-size : 110%; +} + +table { + width: 100%; + border: 1px solid #ddd; + border-radius: 0.5em; + border-collapse: collapse; + box-shadow: 0 1px 3px #eee; + margin-bottom: 2em; +} + +tr(even) { + background-color: #fafafa; +} + +td, th { + text-align: left; + padding: 0.25em 0.5em; + border-bottom: 1px solid #ddd; + border-collapse: collapse; + vertical-align: top; +} + +table tr:last-child td { + border: none; +} + +th { + background: #eee; + p
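Review bot: In lib/python/web_support.py (patch 1/4), swapping the positional order of status and doctype in HTMLResult.__init__, and of status and mimetype in BinaryResult.__init__, changes the meaning of every existing call that passes status positionally: such a call would now set the doctype or the MIME type to the status value and leave status at 200. Keeping the original parameter order and passing mimetype='text/css' by keyword from page_style_css would avoid touching other callers; otherwise the series should show that all call sites were checked. The explicit 'application/octet-stream' arguments added in bin/tracker_service.py repeat the default and can be dropped.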
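Review bot: page_style_css in bin/tracker_service.py (patch 1/4) opens 'tracker_service.css' relative to the current working directory and reads it on every request, so the stylesheet is only found when the service is started from the directory that holds it, and a missing file raises from inside the handler. Resolve the path against the script's own directory, for example with os.path.dirname(__file__), and use a with block or read the file once at startup so the handle is closed on error.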
Switching the tracker to git
Hello,

As it stands now, the security tracker is using subversion.

Here are the facts as far as I can tell:

. people doing work on the tracker are using svn to commit
. h01ger is doing a regular git-svn import of the tracker repository
. there is a regular cron job run by joeyh that does the automatic updates:
  joeyh r28744 data/CVE/list * automatic update
. the web interface probably has some automated process to pull the
  latest updates over svn

My guess is that the only reason that subversion is still used is inertia and that people would be happier with git. However, I'm curious to know if anyone thinks otherwise?

I don't exactly have the time right now to volunteer for changing things, but I thought that the first step would be to see what people thought, and then maybe if it was clear what people's preferences were, perhaps someone might volunteer!

micah
Processed: make generated HTML CSS-friendlier
Processing control commands:

> tags -1 + pending
Bug #611163 [security-tracker] make generated HTML CSS-friendlier
Added tag(s) pending.

--
611163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Archive: https://lists.debian.org/handler.s.b611163.14107327735144.transcr...@bugs.debian.org
Bug#611163: make generated HTML CSS-friendlier
control: tags -1 + pending
# *lalala*
# preview in ssh://git.debian.org/git/collab-maint/secure-testing.git
# not yet merge ready though, but a nice preview
thanks
# mostly not my work, just very *lalala* :)
External check
CVE-2014-3632: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.

Archive: https://lists.debian.org/54153946.zprb8erdftic1spq%atomo64+st...@gmail.com