Re: Bug#907723: link package versions on security-tracker to source packages
On Sat, Sep 1, 2018 at 5:53 PM, Holger Levsen wrote: > On Sat, Sep 01, 2018 at 12:43:58PM +0800, Paul Wise wrote: >> > So, I always go to [1] with my web browser, copy the URL of the .dsc file >> > and then dget that .dsc file. >> This misses out verifying apt signatures. > > the .dsc file is signed and dget verifies it. dget does not verify the apt signatures though, since it does not download them. -- bye, pabs https://wiki.debian.org/PaulWise
Re: Bug#907723: link package versions on security-tracker to source packages
On Sat, Sep 01, 2018 at 12:43:58PM +0800, Paul Wise wrote: > > So, I always go to [1] with my web browser, copy the URL of the .dsc file > > and then dget that .dsc file. > This misses out verifying apt signatures. the .dsc file is signed and dget verifies it. -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#907723: link package versions on security-tracker to source packages
On Sat, Sep 1, 2018 at 5:48 AM, Mike Gabriel wrote: > when working for the LTS team, I regularly need to download source packages > from the LTS version of Debian. My development machine normally runs a newer > Debian version, having deb-src URLs for Debian LTS in sources.list is > possible but not a good option (for me) as it increases latency for apt > update. I would suggest you use either apt-venv or chdist (from devscripts) to enable you to have the apt metadata for LTS and stable releases so that you can easily download the source using apt. I do this and have a cron job to automatically run apt update for each chdist. > So, I always go to [1] with my web browser, copy the URL of the .dsc file > and then dget that .dsc file. This misses out verifying apt signatures. -- bye, pabs https://wiki.debian.org/PaulWise
Bug#907723: link package versions on security-tracker to source packages
Control: close -1 Control: tags -1 wontfix HI Moritz, On Fr 31 Aug 2018 23:59:07 CEST, Moritz Mühlenhoff wrote: On Fri, Aug 31, 2018 at 09:48:52PM +, Mike Gabriel wrote: Package: security-tracker Severity: wishlist X-Debbugs-Cc: debian-...@lists.debian.org Hi, when working for the LTS team, I regularly need to download source packages from the LTS version of Debian. My development machine normally runs a newer Debian version, having deb-src URLs for Debian LTS in sources.list is possible but not a good option (for me) as it increases latency for apt update. So, I always go to [1] with my web browser, copy the URL of the .dsc file and then dget that .dsc file. However, for the actual CVE tracking work, I browse the security-tracker.debian.org platform. This could be my only web tool to use, if it allowed me to download source packages directly from there. Unfortunately, this is not (yet) possible. On a page like this [2] all package versions of the given package in Debian are listed, so it should be easy to make these version strings clickable hyperrefs that either link to the corresponding page on [1] or even directly to the .dsc file of that version in the package archive (the latter would be my preferred choice). Is that something that would be helpful to others using the security-tracker? What would be the preferred linking target, if so, then? Looking forward to some feedback from Security team members and LTS members. I'd be happy to put some work into this, if liked by others. The PTS does exactly that and the Security already links there. Adding this to the Security would be a duplication of effort and also out of scope. Cheers, Moritz Ah... I see. I oversaw the PTS links. And there I now found the .dsc URL links. Nice and sufficient. Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpnReXsCZ0CX.pgp Description: Digitale PGP-Signatur
Processed: Re: Bug#907723: link package versions on security-tracker to source packages
Processing control commands: > close -1 Bug #907723 [security-tracker] link package versions on security-tracker to source packages Marked Bug as done > tags -1 wontfix Bug #907723 {Done: Mike Gabriel } [security-tracker] link package versions on security-tracker to source packages Added tag(s) wontfix. -- 907723: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907723 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#907723: link package versions on security-tracker to source packages
On Fri, Aug 31, 2018 at 09:48:52PM +, Mike Gabriel wrote: > Package: security-tracker > Severity: wishlist > X-Debbugs-Cc: debian-...@lists.debian.org > > Hi, > > when working for the LTS team, I regularly need to download source packages > from the LTS version of Debian. My development machine normally runs a newer > Debian version, having deb-src URLs for Debian LTS in sources.list is > possible but not a good option (for me) as it increases latency for apt > update. > > So, I always go to [1] with my web browser, copy the URL of the .dsc file > and then dget that .dsc file. > > However, for the actual CVE tracking work, I browse the > security-tracker.debian.org platform. This could be my only web tool to use, > if it allowed me to download source packages directly from there. > Unfortunately, this is not (yet) possible. > > On a page like this [2] all package versions of the given package in Debian > are listed, so it should be easy to make these version strings clickable > hyperrefs that either link to the corresponding page on [1] or even directly > to the .dsc file of that version in the package archive (the latter would be > my preferred choice). > > Is that something that would be helpful to others using the > security-tracker? What would be the preferred linking target, if so, then? > > Looking forward to some feedback from Security team members and LTS members. > I'd be happy to put some work into this, if liked by others. The PTS does exactly that and the Security already links there. Adding this to the Security would be a duplication of effort and also out of scope. Cheers, Moritz
Bug#907723: link package versions on security-tracker to source packages
Package: security-tracker Severity: wishlist X-Debbugs-Cc: debian-...@lists.debian.org Hi, when working for the LTS team, I regularly need to download source packages from the LTS version of Debian. My development machine normally runs a newer Debian version, having deb-src URLs for Debian LTS in sources.list is possible but not a good option (for me) as it increases latency for apt update. So, I always go to [1] with my web browser, copy the URL of the .dsc file and then dget that .dsc file. However, for the actual CVE tracking work, I browse the security-tracker.debian.org platform. This could be my only web tool to use, if it allowed me to download source packages directly from there. Unfortunately, this is not (yet) possible. On a page like this [2] all package versions of the given package in Debian are listed, so it should be easy to make these version strings clickable hyperrefs that either link to the corresponding page on [1] or even directly to the .dsc file of that version in the package archive (the latter would be my preferred choice). Is that something that would be helpful to others using the security-tracker? What would be the preferred linking target, if so, then? Looking forward to some feedback from Security team members and LTS members. I'd be happy to put some work into this, if liked by others. Thanks+Greets, Mike [1] https://packages.debian.org/source// [1] https://security-tracker.debian.org/tracker/CVE-2018-10873 -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpvGBk50T0bN.pgp Description: Digitale PGP-Signatur