Bug#859123: heads up: DLA should now be published on the website
On 2019-02-21 18:18:06, Holger Levsen wrote:
> Hi Antoine,
>
> On Mon, Feb 18, 2019 at 04:10:47PM -0500, Antoine Beaupré wrote:
>> But my little finger tells me there are many DLAs still missing from the
>> website. So even if/when the above MR does get merged, more entries will
>> be missing. So someone will need to make sure to run the check script to
>> make sure no entries are missing regularly, see also:
>> https://salsa.debian.org/webmaster-team/cron/merge_requests/1
>
> I've looked at this script now, it works nicely, just our results are
> not so good yet:
>
> ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories 2>&1 |wc -l
> 314
> ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories --mode DLA
> 2>&1 |wc -l
> 1762
> ~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories --mode DLA
> 2>&1 | head -10
> ERROR: .data or .wml file missing for DLA 1685-1
> ERROR: .data or .wml file missing for DLA 1684-1
> ERROR: .data or .wml file missing for DLA 1683-1
> ERROR: .data or .wml file missing for DLA 1660-2
> ERROR: .data or .wml file missing for DLA 1682-1
> ERROR: .data or .wml file missing for DLA 1681-1
> ERROR: .data or .wml file missing for DLA 1680-1
> ERROR: .data or .wml file missing for DLA 1679-1
> ERROR: .data or .wml file missing for DLA 1678-1
> ERROR: .data or .wml file missing for DLA 1677-1
> debian-work:~/Projects/debian-www/webwml$
>
> -> this script is incorrect/broken for DLAs it seems, as
> https://www.debian.org/lts/security/ does list the DLAs 1677-1681,
> just DLAs 1682-1685 are missing. And they are called DLA-1234 there,
> not "DLA 1234-1"...
Weird. Is your local checkout up to date? What if you run in debug mode?
> Also, if this merge request would be merged, it would just run it in
> normal, DSA, mode. Do you have a suggestion how to run it in DLA mode?
We could simply change the default here:
parser.add_argument('--mode', default='DSA', choices=('DSA', 'DLA'),
help='which sort of advisory to check (default:
%(default)s)') # noqa: E501
a.
--
If you have come here to help me, you are wasting our time.
But if you have come because your liberation is bound up with mine, then
let us work together.- Aboriginal activists group, Queensland, 1970s
Bug#859123: heads up: DLA should now be published on the website
On 2019-02-01 20:58:28, Holger Levsen wrote: > On Fri, Feb 01, 2019 at 01:58:04PM -0500, Antoine Beaupré wrote: [...] > can you please put that on wiki.d.o/LTS/Development?! This is now done. I added a new section to the wiki https://wiki.debian.org/LTS/Development#Publishing_updates_on_the_website The TL;DR: is that you now need to clone the main website and issue a merge request when you publish a DLA. Once you have a clone, it should be as simple as: parse-dla.pl git checkout -b DLA--Y git add 2019 git commit -m'DLA-XXX-Y' git push -u origin salsa mr I've done one more mass import, hopefully the last: https://salsa.debian.org/webmaster-team/webwml/merge_requests/58 But my little finger tells me there are many DLAs still missing from the website. So even if/when the above MR does get merged, more entries will be missing. So someone will need to make sure to run the check script to make sure no entries are missing regularly, see also: https://salsa.debian.org/webmaster-team/cron/merge_requests/1 Obviously, this workflow is not optimal and could be automated, see also #859123 (in CC). Thank you for your time. A. -- Omnis enim ex infirmitate feritas est. All cruelty springs from weakness. - Lucius Annaeus Seneca (58 AD)
Bug#859122: about 500 DLAs missing from the website
On 2019-02-12 08:13:18, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sat, Feb 09, 2019 at 03:55:44AM +0100, Laura Arjona Reina wrote:
>> * We still need the Apache redirects, so the people that try the old
>> URLs (wether directly because they knew, or via the security tracker),
>> find the files they need. What we need to do is send a patch to
>>
>> https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/templates/apache-www.debian.org.erb
>>
>> that sets the redirect from
>> https://www.debian.org/security/any_year/dla-whatever to
>> https://www.debian.org/security/lts/any_year/dla-whatever
>>
>> * Adaptation in the security tracker so the new URL paths are used from
>> now on is also needed.
>
> I have the attached patch commited in a local branch, but want first
> to confirm is this the final intended URL to reach the DLAs?
>
> Regards,
> Salvatore
> From ceda9e3d1fc38f505462bce8c0aa4cdd2b165d87 Mon Sep 17 00:00:00 2001
> From: Salvatore Bonaccorso
> Date: Tue, 12 Feb 2019 08:10:16 +0100
> Subject: [PATCH] Adapt URL to DLA advisories in a
> https://www.debian.org/security/lts/
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> As discussed in https://bugs.debian.org/859122 DLAs and DSAs will be
> separated in different supages. This needs adaption for the URL
> referenced in the source fields of the security-tracker for DLAs.
>
> Thanks: Laura Arjona Reina, Holger Levsen and Antoine Beaupré
> ---
> bin/tracker_service.py | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/bin/tracker_service.py b/bin/tracker_service.py
> index 971f4b4e38eb..a2ea755d8f39 100755
> --- a/bin/tracker_service.py
> +++ b/bin/tracker_service.py
> @@ -1574,7 +1574,7 @@ Debian bug number.'''),
> for (date,) in self.db.cursor().execute(
> "SELECT release_date FROM bugs WHERE name = ?", (dla,)):
> (y, m, d) = date.split('-')
> -return
> url.absolute("https://www.debian.org/security/%d/dla-%d;
> +return
> url.absolute("https://www.debian.org/security/lts/%d/dla-%d;
> % (int(y), int(number)))
> return None
I believe this is backwards, you want /lts/security, not /security/lts.
For example:
https://www.debian.org/lts/security/2019/dla-1659
I was also hoping to see the "errata number" in there, but it seems I
was mistaken.
--
L'ennui avec la grande famille humaine, c'est que tout le monde veut
en être le père.
- Mafalda
Bug#859122: about 500 DLAs missing from the website
On 2019-02-09 14:39:50, Holger Levsen wrote: > Hi Laura, > > many many thanks for your work on this, including and especially this > writeup! > > some comments below, where I dont say anything I mean 'yay"! :) > > On Sat, Feb 09, 2019 at 03:55:44AM +0100, Laura Arjona Reina wrote: >> * The /lts/security//index.*.html files show the last advisory for >> the cases where there are several files with the same beginning (e.g. >> for DSA- and DSA--2, both html files are generated, but the >> index only points to the -2 file). If this is not the intended >> behaviour, changes in index.wml and Makefiles are needed. > > I think we want the other DLAs linked from the indexes as well. > > shall we file a bug to not forget this? I looked into this, and couldn't figure it out. Please do file a bug for now, I have no idea how to fix this... [...] >> * We still need the Apache redirects, so the people that try the old >> URLs (wether directly because they knew, or via the security tracker), >> find the files they need. What we need to do is send a patch to >> >> https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/templates/apache-www.debian.org.erb >> >> that sets the redirect from >> https://www.debian.org/security/any_year/dla-whatever to >> https://www.debian.org/security/lts/any_year/dla-whatever > > right. shall we file a bug to not forget this? Filed the patch here: https://salsa.debian.org/anarcat/dsa-puppet/merge_requests/1 Reviews welcome. I'm particularly doubtful of the dla-map thing - it's not in the source repo, but can I assume it's present on the website deployment? >> * Adaptation in the security tracker so the new URL paths are used from >> now on is also needed. > > right. shall we file a bug to not forget this? Sure, please do. A. -- People arbitrarily, or as a matter of taste, assigning numerical values to non-numerical things. And then they pretend that they haven't just made the numbers up, which they have. Economics is like astrology in that sense, except that economics serves to justify the current power structure, and so it has a lot of fervent believers among the powerful. - Kim Stanley Robinson, Red Mars
Bug#859122: about 500 DLAs missing from the website
On 2019-02-09 03:55:44, Laura Arjona Reina wrote: > Hello all > > Holger Levsen merged the generated DLAs and I've worked to create the > /lts tree to show them separated from the DSA. I have moved to this new > /lts folder the DLAs from years 2014, 2015 and 2016 that we had already, > and remove them from the /security tree and removed references to DLAs > in the Makefiles/indexes in /security. > > I think it's mostly done, I've closed all the related MR except one, but > there are some small tasks left, that I hope we can solve together: > > * I have initially copied the content of /security/ to /lts/security, > removed subfolders that I think are not needed (audit, key-rollover, > oval, undated) and some other files that I think they were not needed > too. Then I did a search and replace DSA -> DLA, dsa- -> dla- in the > scripts, makefiles and indexes, and fixed the paths, and built locally > (with "make) and I couldn't spot errors, but I don't trust every file > that is currently in /lts/security is needed or has been used with my > "make" command, so a review of the folder (comparing it with /security) > done by an LTS or security team member, is welcome. It's true there's a lot of junk in there... I suspect most of the `.pl` scripts in there could actually be symlink to the main secteam scripts, because they are basically the same. I also suspect most of the stuff is unused, even from the secteam's point of view. For example, `check-cve-refs.pl` assumes there's a `security/data` directory in the website, which is not the case (anymore?). I would suggest removing those from at least the LTS section and have done so in the following MR: https://salsa.debian.org/webmaster-team/webwml/merge_requests/55 > * The README needs to be reviewed and adapted (I just did the search and > replace dsa -> dla and DSA -> DLA). Done as well in the same MR. > * I guess that parse-advisory.pl (and maybe others) can be removed, but > I was not confident to do it without advice. Done as well in the same MR. > * I didn't check the results of the generated RSS feeds. If anybody uses > RSS readers, a review is welcome too. It looks good to me here. > * The /lts/security//index.*.html files show the last advisory for > the cases where there are several files with the same beginning (e.g. > for DSA- and DSA--2, both html files are generated, but the > index only points to the -2 file). If this is not the intended > behaviour, changes in index.wml and Makefiles are needed. Ideally, we'd show both, is that possible? > * Please review the content (text, links) of these files: > > /lts/index.wml > /lts/security/index.wml > > I've tried to be short (for the case translators are fast and then you > decide to heavy rewrite, to not to loose much work). That makes sense to me. I wonder if we should link to the crossreferences.wml content, which is also relevant here. > * Translations have been handled, but I've left the *title* of these > files unchanged: > > french/lts/security/*/dla*.wml > russian/lts/security/*/dla*.wml > danish/lts/security/*/dla*.wml > japanese/lts/security/*/dla*.wml > > All those files have title "LTS Security Advisories from " (being > the year: 2014, or 2015, or 2016). I guess translators can do a > quick search and replace with the correct sentence and they don't need > to update the commit hash, that's already done. I'll contact translators > and point them to this message. Fair enough. > * This new /lts section of the website is not referenced yet in other > places of the Debian website. I'm not sure if it should be referenced in > /security, in /releases/, or in both. There is also the temptation > of creating a link in the homepage but there is also the suggestion of > reducing the links in the homepage, so... For now, I'll try to add it to > the sitemap and see how many references to the LTS wiki page we have > currently, to see if any of them can be replaced with link to this > section in the website. But I'll wait some days to do it because it's > not clear for me if you want to populate the section to cover all the > aspects of LTS, or keep it only/mainly for security stuff. I would avoid putting the LTS work too proeminently on the website at this point, to be honest. The goal of publishing those advisories there, for me, is coherence: they were already partly present and I wanted to have them *all* available *somewhere* with a predictable URL and RSS feeds (as opposed to, say the mailing list). We shouldn't get into the slippery debate of how much we want LTS content on the website, in my opinion. > * We still need the Apache redirects, so the people that try the old > URLs (wether directly because they knew, or via the security tracker), > find the files they need. What we need to do is send a patch to > > https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/templates/apache-www.debian.org.erb > > that sets the redirect from >
Bug#859123: automating process for publishing DLAs on the website
I'm looking at the update process for DLAs on the main website again. In #859122, I've mentioned that I have, again, updated the MR to include all DLAs up to DLA-1657-1. The www team folks tell me they will review that this weekend. But that mass-import process is kind of clunky: every time I need to download the entire archive, extract it, parse every email, and add the diff. It's slow and error prone and not automated, of course. So I'm bringing back the topic of how we should automate this. If I remember correctly, the current proposal is to add this as part of the workflow for LTS developers: when you send the announcement on the list, you also send a merge request on the website. This would get reviewed and merged by another LTS developer with access to the webwml repository: https://salsa.debian.org/webmaster-team/webwml/project_members At least me and Holger have those accesses for now, and I would suggest people who do regular frontdesk work could make sure those MR are reviewed and merged in a timely manner as well. Would that work for everyone here? If so, we can *already* start with that process, which would actually look like this. One time setup: git clone https://salsa.debian.org/webmaster-team/webwml cd webwml salsa fork Each time there's a new DLA: ./bin/gen-DLA --save $CHANGES # correctly claim the DLA $EDITOR DLA--Y # make sure the text is okay, like you normally # do before the email gets sent mutt -H DLA--Y # send the email cd ~/src/webwml/english/security git checkout -b DLA--Y ./parse-dla.pl ~-/DLA--Y git add 2019/DLA-XXX-Y* $EDITOR 2019/DLA--Y* # make sure everything looks good git add 2019/DLA-XXX-Y* git commit -m'DLA--Y advisory' git push -u origin salsa mr (Note: that "salsa" command is a new one shipped with devscripts. I only read the manpage and didn't actually test that. :) Unfortunately, once the MR is created, there's no magic command to merge it for reviewers... Seems like this needs to be done through the web interface.) I'd be happy if someone sat down and actually tested that procedure. The alternative, of course, is to setup "something" that would automatically parse emails to debian-lts-announce@l.d.o but I suspect that could be much more brittle than a manual operation like the above, even if it means slightly more work. Thank you for your attention. A. -- Hard times are coming when we will be wanting the voices of writers who can see alternatives to how we live now and can see through our fear-stricken society and its obsessive technologies to other ways of being, and even imagine some real grounds for hope. We will need writers who can remember freedom. Poets, visionaries—the realists of a larger reality. - Ursula Le Guin
Bug#859122: about 500 DLAs missing from the website
On 2018-12-19 18:05:36, Antoine Beaupré wrote: > The DLAs are visible here: > > https://www-staging.debian.org/security/2018/dla-1580 > > One thing that's unclear is how the entries get added to the main list > in: > > https://www-staging.debian.org/security/2018/ > > That still needs to be cleared up. That's actually in the webwml code, I opened a MR to add those: https://salsa.debian.org/webmaster-team/webwml/merge_requests/50 > In the meantime, I did do a mass > import here: > > https://salsa.debian.org/webmaster-team/webwml/merge_requests/47 ... and I just updated that with the latest, up until DLA-1657-1. A. -- It will be a great day when our schools get all the money they need and the air force has to hold a bake sale to buy a bomber. - Unknown
Bug#859122: automating process for publishing DLAs on the website
On 2018-12-19 11:09:10, Antoine Beaupré wrote: > On 2018-12-19 14:58:29, Holger Levsen wrote: >> On Wed, Dec 19, 2018 at 09:52:19AM -0500, Antoine Beaupré wrote: >>> > I also note #859122 is not marked 'patch'. >>> fixed. >> >> :) >> >>> >> I've requested access as an individual, for what that's worth. >>> > you were given access a week ago, too. \o/ >>> yup. I guess I could just merge my own patches now... or do you want to >>> review them and do that instead, so we can get at least a second pair of >>> eyes on them? >> >> I just briefly reviewed them (not being a debian-www expert) and they >> a.) looked good and b.) only affect our areas, so I do think you should >> merge them. > > i merged both patches, but it doesn't look like the change showed up on > the main website yet: > > https://www.debian.org/security/2018/ > > ... doesn't list any DLA, and those are both 404s: > > https://www.debian.org/security/2018/dla-1580 > https://www.debian.org/security/2018/dla-1561 This is actually processed every few hours, not directly after the CI runs. The DLAs are visible here: https://www-staging.debian.org/security/2018/dla-1580 One thing that's unclear is how the entries get added to the main list in: https://www-staging.debian.org/security/2018/ That still needs to be cleared up. In the meantime, I did do a mass import here: https://salsa.debian.org/webmaster-team/webwml/merge_requests/47 A. -- Le péché est né avant la vertu, comme le moteur avant le frein. - Jean-Paul Sartre
Bug#859123: automating process for publishing DLAs on the website
On 2018-12-19 18:05:36, Antoine Beaupré wrote: > On 2018-12-19 11:09:10, Antoine Beaupré wrote: >> On 2018-12-19 14:58:29, Holger Levsen wrote: >>> On Wed, Dec 19, 2018 at 09:52:19AM -0500, Antoine Beaupré wrote: >>>> > I also note #859122 is not marked 'patch'. >>>> fixed. >>> >>> :) >>> >>>> >> I've requested access as an individual, for what that's worth. >>>> > you were given access a week ago, too. \o/ >>>> yup. I guess I could just merge my own patches now... or do you want to >>>> review them and do that instead, so we can get at least a second pair of >>>> eyes on them? >>> >>> I just briefly reviewed them (not being a debian-www expert) and they >>> a.) looked good and b.) only affect our areas, so I do think you should >>> merge them. >> >> i merged both patches, but it doesn't look like the change showed up on >> the main website yet: >> >> https://www.debian.org/security/2018/ >> >> ... doesn't list any DLA, and those are both 404s: >> >> https://www.debian.org/security/2018/dla-1580 >> https://www.debian.org/security/2018/dla-1561 > > This is actually processed every few hours, not directly after the CI > runs. > > The DLAs are visible here: > > https://www-staging.debian.org/security/2018/dla-1580 > > One thing that's unclear is how the entries get added to the main list > in: > > https://www-staging.debian.org/security/2018/ > > That still needs to be cleared up. In the meantime, I did do a mass > import here: > > https://salsa.debian.org/webmaster-team/webwml/merge_requests/47 Sigh. I forgot to add that one issue that came up is duplicates: even though the security tracker enforces unique DLA identifiers fairly well, human error still creeps in and leads to duplicate DLA identifiers in the wild. This will make automation harder: the current parser croaks out on duplicate identifiers (and rightly so). I guess we can just punt that back to the humans: they just need to issue a new advisory with the correct identifier. The problem is this is first come, first serve: if DLA X is claimed by alice and bob comes in and publishes DLA X before alice has time to send the mail, DLA X is on the website and can't be reverted by the script and will need manual correction. I am worried this will be forgetten in the future... A. -- The difference between a democracy and a dictatorship is that in a democracy you vote first and take orders later; in a dictatorship you don't have to waste your time voting. - Charles Bukowski
Bug#859123: automating process for publishing DLAs on the website
On 2018-12-19 14:58:29, Holger Levsen wrote: > On Wed, Dec 19, 2018 at 09:52:19AM -0500, Antoine Beaupré wrote: >> > I also note #859122 is not marked 'patch'. >> fixed. > > :) > >> >> I've requested access as an individual, for what that's worth. >> > you were given access a week ago, too. \o/ >> yup. I guess I could just merge my own patches now... or do you want to >> review them and do that instead, so we can get at least a second pair of >> eyes on them? > > I just briefly reviewed them (not being a debian-www expert) and they > a.) looked good and b.) only affect our areas, so I do think you should > merge them. i merged both patches, but it doesn't look like the change showed up on the main website yet: https://www.debian.org/security/2018/ ... doesn't list any DLA, and those are both 404s: https://www.debian.org/security/2018/dla-1580 https://www.debian.org/security/2018/dla-1561 Any ideas? A. -- Twenty years from now you will be more disappointed by the things that you didn't do than by the ones you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore. Dream. Discover. - Mark Twain
Bug#859123: automating process for publishing DLAs on the website
On 2018-12-19 14:44:02, Holger Levsen wrote: > Hi Antoine, > > On Tue, Dec 11, 2018 at 10:15:15AM -0500, Antoine Beaupré wrote: [...] > I also note #859122 is not marked 'patch'. fixed. [...] >> I've requested access as an individual, for what that's worth. > > you were given access a week ago, too. \o/ yup. I guess I could just merge my own patches now... or do you want to review them and do that instead, so we can get at least a second pair of eyes on them? then if all is good I could push a batch to complete the backlog and get us started on an ongoing workflow... >> I've also got feedback from larjona on IRC, saying she didn't have time >> to work on this yet, but ping'd the team to see if someone else >> will. Otherwise she might be able to review our work in January. > > that's almost like next week ;) right, time flies! >> I wonder if we could consider more automation here to remove the manual >> push/pull process, because it seems it will be a significant source of >> friction in our process in the future... > > sure, more automation = better. > >> Anyways, hopefully we'll figure out a workflow soon enough. :) > > I'm confident we will, eventually. #859122 was filed >18 months ago, so > I don't think it's suddenly urgent, though I fully agree it would be > more than nice to have this fixed before the bug is two years old. yep. i'm not in a rush... a. -- One of the strongest motives that leads men to art and science is escape from everyday life with its painful crudity and hopeless dreariness. Such men make this cosmos and its construction the pivot of their emotional life, in order to find the peace and security which they cannot find in the narrow whirlpool of personal experience. - Albert Einstein
Bug#859123: automating process for publishing DLAs on the website
On 2018-11-20 15:30:21, Holger Levsen wrote: > On Mon, Nov 19, 2018 at 07:07:26PM -0500, Antoine Beaupré wrote: >> The process broke down a while back, and reasons don't matter. We need >> to figure out how to fix this. >> >> So I opened #859122 to import the missing DLAs and I've made good >> progress. >> >> But I've opened this bug report (#859123) to fix the process. So far, >> the idea we had was to make LTS contributors submit a patch to the >> website as part of the DLA publication process. You'd run the little >> "parse-dla.pl" script which would create two files in the webwml git >> repository, separate from the security tracker! that's where the >> debian.org website lives.. Then you'd commit those and send a merge >> request to the project (or just push if you have the rights). The >> webmaster folks seemed to be open to grant us access to the repo to >> remove friction as well.. >> >> How does that sound? > > sounds very good to me. thanks for your work on this so far! Right, agreed. :) I guess the script could both parse previous emails and future ones quite easily. The problem we have right now is we have no feedback from the www team on the patches proposed in #859122 so I don't know if the formatting is alright. Nor is it promising for the promptness with which the team can respond to our constant flurry of such MRs in the future... >> Another thing I thought we could do would be to hook that script into a >> mailbox that would receive mail from the debian-lts-announce list and >> automatically publish the results into git. But so far my efforts at >> automating things on Debian infrastructure have mostly failed, so I'm >> not sure it's the way to go. Besides, the parse-dsa.pl script isn't >> exactly solid, and don't like the idea of parsing arbitrary input like >> this without a human oversight. But it would certainly reduce friction >> to a minimum, which I like. > > I better like your above proposal than generating data from parsing mails > which > we have sent previously. > > So I've just requested webwml access from the debian-www folks. ... where did you do that? Considering that the patches I proposed now 3 weeks ago haven't been merged, it seems it would be imperative for all LTS people to have access to the www repository in our workflow. Or at least a significant numebr of people. Otherwise we'll just be clogging their review queue forever. I've requested access as an individual, for what that's worth. I've also got feedback from larjona on IRC, saying she didn't have time to work on this yet, but ping'd the team to see if someone else will. Otherwise she might be able to review our work in January. I wonder if we could consider more automation here to remove the manual push/pull process, because it seems it will be a significant source of friction in our process in the future... Anyways, hopefully we'll figure out a workflow soon enough. :) A. A. -- Gods don't like people not doing much work. People who aren't busy all the time might start to think. - Terry Pratchett, Small Gods
Bug#859123: automating process for publishing DLAs on the website
Hi! Many of you probably already know this website and its precious RSS feed: https://www.debian.org/security/ Few of you might already know that DLAs are *supposed* to show up in there as well, and did for a while. For example, here's a few DLAs in 2014: https://www.debian.org/security/2014/ The process broke down a while back, and reasons don't matter. We need to figure out how to fix this. So I opened #859122 to import the missing DLAs and I've made good progress. But I've opened this bug report (#859123) to fix the process. So far, the idea we had was to make LTS contributors submit a patch to the website as part of the DLA publication process. You'd run the little "parse-dla.pl" script which would create two files in the webwml git repository, separate from the security tracker! that's where the debian.org website lives.. Then you'd commit those and send a merge request to the project (or just push if you have the rights). The webmaster folks seemed to be open to grant us access to the repo to remove friction as well.. How does that sound? Another thing I thought we could do would be to hook that script into a mailbox that would receive mail from the debian-lts-announce list and automatically publish the results into git. But so far my efforts at automating things on Debian infrastructure have mostly failed, so I'm not sure it's the way to go. Besides, the parse-dsa.pl script isn't exactly solid, and don't like the idea of parsing arbitrary input like this without a human oversight. But it would certainly reduce friction to a minimum, which I like. Any other ideas? Thanks! A. -- Only in the darkness can you see the stars. - Martin Luther King, Jr.
Bug#859122: about 500 DLAs missing from the website
On 2017-03-30 11:22:05, Antoine Beaupre wrote: > Is there any reason why new DLAs have not been imported? > > Is there anything we can do to help in completing that import? So after further research, I can answer my own questions. It's unclear why the process has broken down, but it's clear that the current webmaster team is not in a position to do that work. For DLAs, they do not have the templates they normally use for DSA. I looked at the parse-dsa.pl script and it looks like it might just be possible to batch-import the missing advisories. I started looking into that into the following MRs: https://salsa.debian.org/webmaster-team/webwml/merge_requests/41 https://salsa.debian.org/webmaster-team/webwml/merge_requests/42 https://salsa.debian.org/webmaster-team/webwml/merge_requests/43 And will eventually batch-import everything in one monstrous merge request. Then we need to figure out workflow, which I'll do in that other bug report. A. -- Blind respect for authority is the greatest enemy of truth. - Albert Einstein
Bug#864925: wiki.debian.org: gridlines in tables
Sorry, some typos: On 2018-10-26 16:30:52, Antoine Beaupre wrote: > Before: > > https://screenshots.firefox.com/KCOr4HJHKqiNqcbQ/wiki.debian.ogr This should be: https://screenshots.firefox.com/KCOr4HJHKqiNqcbQ/wiki.debian.org > After: > > https://screenshots.firefox.com/KCOr4HJHKqiNqcbQ/wiki.debian.org And: https://screenshots.firefox.com/vf7OcIbrRf0FT0Oa/wiki.debian.org A. -- The future is already here – it's just not very evenly distributed. - William Gibson
Bug#859122: Acknowledgement (about 500 DLAs missing from the website)
For the record, I opened the following related bug report: * #859123: automate import of DLAs and DSAs in www.debian.org Which may help in avoiding that issue in the future. -- The greatest crimes in the world are not committed by people breaking the rules but by people following the rules. It's people who follow orders that drop bombs and massacre villages. - Bansky
