Re: security updates webpage
-----BEGIN PGP SIGNED MESSAGE-----
[I'm CCing this to the list because I think it'd be good for everyone to know]
On 16-Dec-98 Michael Stone wrote:
> Ok. I've got the access from Jay. I've also exchanged a couple of emails
> with Wichert about getting security announcements. What else should I
> know?
Ok.. first off, all announcements are in the subdirectory
english/security/{year} (You don't have to worry about translations unless you
actually are on one of those teams. Otherwise, the "original" goes into the
english section. The translators will take it from there).
The nameing scheme is YYYYMMDD[x].wml where:
YYYY = full year ( ex. 1998 for this year)
MM = Month, 0 padded (ex. 03 for march)
DD = Day, 0 padded (ex. 15 for the fifteenth)
x = letter used when there are more than one alert in a day.
Start with a go to z, lower case.
Looking at the directory should give you an idea of what I'm talking about
there.
Next, there is a template to make life as easy as possible. It's in
./english/security and it's called security.form Go ahead and look at it.
You'd just copy it into the directory (cp ../security.form 19981215.wml if I
was doing it today, and I know you know the cp command, I wanted to give you a
visual of what a file name might look at as well as where the *.form file
resides). Then fill it in. The date at the top is in DD MMM YYYY (zero padded
day, Word month (Jan, Feb, Mar, etc). Then the cvs add and cvs commit and
you're done. I'm assuming you know cvs.
> How come www.debian.org/ has more recent security alerts than
> www.debian.org/security/? Shouldn't the newer reports be on both pages?
Index pages (in / /security and /security/{year} are all generated automaticly.
If an index page is not generated properly, it probably means the makefile
dependencies are wrong and either Jay or I need to look at them.
> Why is http://www.debian.org/security/1998/19981210 screwed up? (The
> fixed packages aren't appearing.)
> Is there a mechanism for updating a report? (E.g., /security/1998/19981101
> outlines the ssh problem, and says that there's no fix; there's no
> indication that updated packages are available. That means that a user
> can't bookmark a page and check back to see if a problem's been fixed.)
You can do one of three things. You can either create a second page that has
the information of the first page with the updates or you can rename the old
report to the new date and make the changes (and the appropriate cvs remove;cvs
add;cvs commit) or you can just make the changes in old file.
I'd prefer #2 or #3. I've done both, usually depending on whether the original
announcement was put up by me or not. For example, the original SSH page, I
put up because I saw the discussion but security hadn't made a formal
announcement about it (the exploit was still hotly debated). You can usually
tell (lately) because the subject starts with [security]. When the official
announcement came through, I removed my old one and crafted a new one based on
the official announcement. Make sense?
Any questions (esp. after looking at security.form)? Just write :)
- - Darren
=========================================================================
* http://benham.net/index.html <>< *
* -------------------- * -----BEGIN GEEK CODE BLOCK----- ---------------*
* Darren Benham * Version: 3.1 *
* <gecko@benham.net> * GCS d+(-) s:+ a29 C++$ UL++>++++ P+++$ L++>++++*
* KC7YAQ * E? W+++$ N+(-) o? K- w+++$(--) O M-- V- PS-- *
* Debian Developer * PE++ Y++ PGP++ t+ 5 X R+ !tv b++++ DI+++ D++ *
* <gecko@debian.org> * G++>G+++ e h+ r* y+ *
* -------------------- * ------END GEEK CODE BLOCK------ ---------------*
=========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBNndfCLbps1lIfUYBAQG0FAQAhiBdv13H1k/XEuJaOYSxcowTvS6qQkRv
NsxsDblwJChZmfuADwds5Et7GrPQxed6RzQj69/asM/IctNwGuHcDiaE663+KE/h
DYmr4C39xZ+AtKSNnbo4AF5doJ0XiBFlPFzvj9PvFNc6FWmcSqmWA7msiJQ9B/D6
2BAjelX+ME4=
=pxiW
-----END PGP SIGNATURE-----
Reply to: