
Re: Bug#853189: tracker.debian.org: Ecnoding issue / Code injection through Maintainer field (and probably others)



Christophe Siraut:
> Niels Thykier wrote:
>>  * tracker.d.o does *not* import excuses.yaml but update_excuses.html
>>    (as far as I am informed at least)
> 
> True.
> 
> Here is a patch for tracker to parse YAML instead of HTML.
> 
> Cheers,
> Christophe
> 

Hi Christophe,

Thanks for looking into this issue. :)

As the maintainer of Britney, I am a bit concerned that this patch
appears to be relying on the "excuses"-field inside.  That is a
"non-machine"-parsable format (basically all raw HTML notes) that I
would like to eventually phase out of the excuses.yaml.

If there is data in that field that tracker needs, then it should
preferably be extracted to another field.  (FTR, the format is still a
bit WIP)

Thanks,
~Niels


