Bug#859122: about 500 DLAs missing from the website

2018-11-19 Thread Antoine Beaupré
On 2017-03-30 11:22:05, Antoine Beaupre wrote:
> Is there any reason why new DLAs have not been imported?
>
> Is there anything we can do to help in completing that import?

So after further research, I can answer my own questions.

It's unclear why the process has broken down, but it's clear that the
current webmaster team is not in a position to do that work. For DLAs,
they do not have the templates they normally use for DSA.

I looked at the parse-dsa.pl script and it looks like it might just be
possible to batch-import the missing advisories. I started looking into
that in the following MRs:

https://salsa.debian.org/webmaster-team/webwml/merge_requests/41
https://salsa.debian.org/webmaster-team/webwml/merge_requests/42
https://salsa.debian.org/webmaster-team/webwml/merge_requests/43

And will eventually batch-import everything in one monstrous merge
request.

Then we need to figure out workflow, which I'll do in that other bug
report.

A.

-- 
Blind respect for authority is the greatest enemy of truth.
   - Albert Einstein



Bug#859123: automating process for publishing DLAs on the website

2018-11-19 Thread Antoine Beaupré
Hi!

Many of you probably already know this website and its precious RSS
feed:

https://www.debian.org/security/

Few of you might already know that DLAs are *supposed* to show up in
there as well, and did for a while. For example, here's a few DLAs in
2014:

https://www.debian.org/security/2014/

The process broke down a while back, and reasons don't matter. We need
to figure out how to fix this.

So I opened #859122 to import the missing DLAs and I've made good
progress.

But I've opened this bug report (#859123) to fix the process. So far,
the idea we had was to make LTS contributors submit a patch to the
website as part of the DLA publication process. You'd run the little
"parse-dla.pl" script which would create two files in the webwml git
repository, separate from the security tracker! That's where the
debian.org website lives. Then you'd commit those and send a merge
request to the project (or just push if you have the rights). The
webmaster folks seemed to be open to grant us access to the repo to
remove friction as well.

How does that sound?

Another thing I thought we could do would be to hook that script into a
mailbox that would receive mail from the debian-lts-announce list and
automatically publish the results into git. But so far my efforts at
automating things on Debian infrastructure have mostly failed, so I'm
not sure it's the way to go. Besides, the parse-dsa.pl script isn't
exactly solid, and I don't like the idea of parsing arbitrary input like
this without human oversight. But it would certainly reduce friction
to a minimum, which I like.

Any other ideas?

Thanks!

A.
-- 
Only in the darkness can you see the stars.
- Martin Luther King, Jr.



Bug#859123: automating process for publishing DLAs on the website

2018-11-19 Thread Lev Lamberov
Hi,

Mon 19 Nov 2018 @ 19:07 Antoine Beaupré:

> Few of you might already know that DLAs are *supposed* to show up in
> there as well, and did for a while. For example, here's a few DLAs in
> 2014:
>
> https://www.debian.org/security/2014/
>
> The process broke down a while back, and reasons don't matter. We need
> to figure out how to fix this.
>
> So I opened #859122 to import the missing DLAs and I've made good
> progress.
>
> But I've opened this bug report (#859123) to fix the process. So far,
> the idea we had was to make LTS contributors submit a patch to the
> website as part of the DLA publication process. You'd run the little
> "parse-dla.pl" script which would create two files in the webwml git
> repository, separate from the security tracker! That's where the
> debian.org website lives. Then you'd commit those and send a merge
> request to the project (or just push if you have the rights). The
> webmaster folks seemed to be open to grant us access to the repo to
> remove friction as well.
>
> How does that sound?
>
> Another thing I thought we could do would be to hook that script into a
> mailbox that would receive mail from the debian-lts-announce list and
> automatically publish the results into git. But so far my efforts at
> automating things on Debian infrastructure have mostly failed, so I'm
> not sure it's the way to go. Besides, the parse-dsa.pl script isn't
> exactly solid, and I don't like the idea of parsing arbitrary input like
> this without human oversight. But it would certainly reduce friction
> to a minimum, which I like.
>
> Any other ideas?

DSAs are also imported by hand with the help of "parse-advisory.pl",
there are always some folks in webwml or security team who can do this.
The difference between DSAs and DLAs is that the former is somewhat
standardized and can be parsed semi-automatically. It is not always the
case with the latter, that is, the mentioned "parse-dla.pl" may just
throw an error because of some unusual markup or something. But let me
stress that even in case of DSAs parsing does not always perform well,
and adding a new DSA to the webwml requires checking it beforehand and
sometimes fixing html/wml tags.

I hope that LTS team _together_ with the Debian Security team will be
able to find a common concise markup format which will become a standard
both for DSAs and DLAs, and which could be easily and unambiguously
parsed, so automatic processing would be possible.

Regards,
Lev