Re: Processed: reassign

To: "Moritz Muehlenhoff" <jmm@inutil.org>
Cc: "Gerfried Fuchs" <rhonda@deb.at>, "Debian Security Team" <team@security.debian.org>, "Debian WWW Team" <debian-www@lists.debian.org>
Subject: Re: Processed: reassign
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Fri, 25 Jan 2008 16:34:21 +0100 (CET)
Message-id: <[🔎] 38294.145.100.102.146.1201275261.squirrel@wm.kinkhorst.nl>
In-reply-to: <[🔎] 20080124225637.GA26457@inutil.org>
References: <20080123212806.GA3936@galadriel.inutil.org> <[🔎] handler.s.C.120112369915752.transcript@bugs.debian.org> <[🔎] 4797B6E3.2050709@debian.org> <[🔎] 20080123215648.GA5786@galadriel.inutil.org> <[🔎] 1201159893.14160.6.camel@edna.deb.at> <[🔎] 20080124225637.GA26457@inutil.org>

On Thu, January 24, 2008 23:56, Moritz Muehlenhoff wrote:
> The solution would be a script, which is subscribed to d-s-a, transforms
> the advisory mails and auto-commits them. If a transformation error is
> detected, a note can be sent to debian-www@l.d.o and fixed manually.

We are going to change the format of the mails anyway when Sarge is EOL,
which happens in 10 weeks: at that point we can drop the MD5 sums from the
emails, making it also unnecessary for the web version to link to the
mailinglist mail as we have to do now.

Would it be an idea to implement the changes at that time? The format
changes anyway, so it seems like a good time to implement a good parsing
script. I'm willing to do that and make it autocommit things if they can
be correctly parsed.

A whole different stragegy would be to base ourselves on the tracker,
however, that doesn't currently have all relevant information (most
prominently the freeform description of the vulnerability). On the other
hand the tracker has all other relevant info (package name, "subject"
description of problem, versions for different suites, CVE-ids) in a
structured form. We could turn it around and make the website source its
information there, and find a way to add things that are currently missing
to the tracker. One can imagine this setup:
* The list on the front page is just as it is now, and generated from the
tracker;
* The per-item page is also generated from the tracker and includes CVE
id's, fixed versions and an auto-generated link to the mailinglist
archives with the full text of the DSA.
This would make the web versions more "basic" but with the key data, and
those looking for more detail can be referred to the archived mail.

In the mean time, I'll make sure that our backlog is caught up by tomorrow
so we don't confuse users while discussing this.

Thijs

Reply to:

Follow-Ups:
- Re: Processed: reassign
  - From: Moritz Muehlenhoff <jmm@inutil.org>

References:
- Processed: reassign
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Re: Processed: reassign
  - From: Luk Claes <luk@debian.org>
- Re: Processed: reassign
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Processed: reassign
  - From: Gerfried Fuchs <rhonda@deb.at>
- Re: Processed: reassign
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: DSA listings on http://www.debian.org/ are out of date
Next by Date: Re: DSA listings on http://www.debian.org/ are out of date
Previous by thread: Re: Processed: reassign
Next by thread: Re: Processed: reassign
Index(es):
- Date
- Thread