Re: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
On Wed, 18 Feb 2015, Raphael Hertzog wrote:
> One thing that comes to my mind is that we probably also want the associated Debian bug number when there's an associated bug report. So instead of a plain CVE identifier we probably want a hash:
>
>   { 'id': 'CVE--', 'bug': '12345', 'severity': 'low' }
>
> That way we could also export the severity and easily add more data in case of future needs.

And I just thought that I would like to have the status... in particular to differentiate no-dsa issues.

  status: open|no-dsa|end-of-life|resolved ?

or just

  status: open|resolved
  no-dsa: True|False

This would suggest having a single list of issues per suite and having the status/severity in the data of each CVE:

  'bind9': {
    'squeeze': {
      'CVE--': {
        'status': 'open|resolved',
        'severity': 'unimportant|low|normal|high|unknown',
        'no-dsa': True|False,
        'end-of-life': True|False,
      },
      ...
    ],
    'wheezy': [ ... ]
  },

--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

--
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150218104500.ga10...@home.ouaza.com

Re: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
Hi,

On Tue, 16 Sep 2014, Raphael Hertzog wrote:
> Let's not continue that bad tradition. If anything it should provide either YAML or JSON with something structured:
>
>   bind9:
>     squeeze:
>       open:
>         - CVE-XXX
>         - CVE-YYY
>       open-unimportant:
>         - ...
>       resolved:
>         - ...
>     wheezy:
>       ...

One thing that comes to my mind is that we probably also want the associated Debian bug number when there's an associated bug report. So instead of a plain CVE identifier we probably want a hash:

  { 'id': 'CVE--', 'bug': '12345', 'severity': 'low' }

That way we could also export the severity and easily add more data in case of future needs.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Archive: https://lists.debian.org/20150218101411.ga9...@home.ouaza.com

Re: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
Hi,

On Tue, 16 Sep 2014, Holger Levsen wrote:
> the information gathered in the security-tracker should be displayed in the package tracker.d.o.

It's already there, see the 20 security issues in https://tracker.debian.org/pkg/linux

When you click on the question mark you get access to the link. This should be improved so that the link is directly accessible without going through the extended info but the info should be there.

Have you seen a package where there was no such entry and where it should have had one?

> Each source package has a URL of the form https://security-tracker.debian.org/tracker/source-package/bind9

bind9 is not in the list exported by the tracker at https://security-tracker.debian.org/tracker/data/pts/1

So the list seems to be limited to open issues in sid. We might want to improve this and provide a better overview of the release where security issues are open.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/

Archive: https://lists.debian.org/20140916072541.gb25...@x230-buxy.home.ouaza.com

Re: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
On Tue, 16 Sep 2014, Holger Levsen wrote:
> On Tuesday, 16 September 2014, Raphael Hertzog wrote:
> > Let's not continue that bad tradition. If anything it should provide either YAML or JSON with something structured:
>
> I agree. Any preference?

JSON is more web-friendly, I would pick that. YAML is the best choice for files manually managed by humans but when it's generated by code, JSON is a better idea IMO.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/

Archive: https://lists.debian.org/20140916120311.gg23...@x230-buxy.home.ouaza.com

Processed: Re: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
Processing commands for cont...@bugs.debian.org:

> clone 761730 -1
Bug #761730 [tracker.debian.org] tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
Bug 761730 cloned as bug 761859
> reassign -1 security-tracker
Bug #761859 [tracker.debian.org] tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
Bug reassigned from package 'tracker.debian.org' to 'security-tracker'.
Ignoring request to alter found versions of bug #761859 to the same values previously set
Ignoring request to alter fixed versions of bug #761859 to the same values previously set
> retitle 761730 tracker.d.o: please provide more detailed information about security issues
Bug #761730 [tracker.debian.org] tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
Changed Bug title to 'tracker.d.o: please provide more detailed information about security issues' from 'tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG'
> retitle -1 security-tracker: please provide more information via JSON file for tracker.d.o
Bug #761859 [security-tracker] tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
Changed Bug title to 'security-tracker: please provide more information via JSON file for tracker.d.o' from 'tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG'
> block 761730 by -1
Bug #761730 [tracker.debian.org] tracker.d.o: please provide more detailed information about security issues
761730 was not blocked by any bugs.
761730 was not blocking any bugs.
Added blocking bug(s) of 761730: 761859
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
761730: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761730
761859: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761859
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Archive: https://lists.debian.org/handler.s.c.141086958929656.transcr...@bugs.debian.org

Re: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
On Tue, September 16, 2014 09:10, Paul Wise wrote:
> Could we get a new URL that also has information about unimportant and resolved issues and DSAs? I would suggest a format like what lintian uses:

Not sure what you'd use that additional info for, but I would heartily disrecommend to display unimportant issues in the PTS; the idea of unimportant is that they are just that, and that no action is needed.

If we would display unimportant issues in the PTS, this would for some packages lead to semi-permanent notice of issues, thereby reducing the attention value when an actual issue is found.

Cheers,
Thijs

Archive: https://lists.debian.org/554a939c52f0eac6847a4d6f4f9eb943.squir...@aphrodite.kinkhorst.nl
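
A sketch of how a consumer such as the package tracker could read the per-suite, per-CVE structure proposed in the 18 Feb 2015 message while keeping unimportant issues out of the displayed list, as argued in the last message. This is an added example, not code from the thread or from either tracker; the function name, the bucket names and the sample data (placeholder CVE ids) are assumptions.

```python
import json

# Constructed sample (placeholder CVE ids and bug number) in the shape sketched in the thread.
SAMPLE = json.loads("""
{"bind9": {
  "squeeze": {
    "CVE-0000-0001": {"status": "open", "severity": "high", "no-dsa": false, "end-of-life": false, "bug": "12345"},
    "CVE-0000-0002": {"status": "open", "severity": "unimportant", "no-dsa": false, "end-of-life": false},
    "CVE-0000-0003": {"status": "open", "severity": "low", "no-dsa": true, "end-of-life": false},
    "CVE-0000-0004": {"status": "resolved", "severity": "normal", "no-dsa": false, "end-of-life": false}
  },
  "wheezy": {
    "CVE-0000-0001": {"status": "resolved", "severity": "high", "no-dsa": false, "end-of-life": false}
  }
}}
""")

STATUSES = {"open", "resolved"}
SEVERITIES = {"unimportant", "low", "normal", "high", "unknown"}

def summarize(suites):
    """Map each suite to the open issues a package page would show."""
    summary = {}
    for suite, issues in suites.items():
        shown = {"actionable": [], "no-dsa": [], "end-of-life": [], "suppressed": 0}
        for cve, info in sorted(issues.items()):
            flags = (info.get("no-dsa"), info.get("end-of-life"))
            # Reject anything off-schema: a string such as "False" is truthy
            # and would silently file an open issue under no-dsa.
            if (info.get("status") not in STATUSES
                    or info.get("severity") not in SEVERITIES
                    or not all(isinstance(f, bool) for f in flags)):
                raise ValueError(f"{suite}/{cve}: malformed entry {info!r}")
            if info["status"] == "resolved":
                continue
            if info["severity"] == "unimportant":
                shown["suppressed"] += 1  # counted, never listed
            elif info["end-of-life"]:
                shown["end-of-life"].append(cve)
            elif info["no-dsa"]:
                shown["no-dsa"].append(cve)
            else:
                shown["actionable"].append(cve)
        summary[suite] = shown
    return summary

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE["bind9"]), indent=2))
```

Validating the boolean flags strictly matters because the export is generated by one service and trusted by another: a loosely typed flag would move an open issue out of the actionable list without any error.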