[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: some parse-advisory.pl updates (was: DSA listings on http://www.debian.org/ are out of date)

Hello Thijs,

Sorry for the late ..

On Mon, Jul 07, 2008 at 11:05:29AM +0200, Thijs Kinkhorst wrote:
> On Fri, June 13, 2008 12:32, Thijs Kinkhorst wrote:
> >> Applied as well :)
> >> (I assume that all DSA fit on a unique web page per year, assumption
> >> true past years)
> >>
> >> So now, the only remaining manual work to do is the check step.
> >
> > This script seems to be working fine now for a while and only in a few
> > cases do I need to change the output by hand before committing. Allthough
> > less than it was, it's still a cumbersome process, leading to it being
> > skipped when the security officer is pressed on time like happened last
> > week where a number of DSA's were not in reasonable time on the website.
> >
> > I propose to run the script automatically on emails coming in through the
> >  d-s-a mailinglist that are DSA-nnnn-1 mails. There are exceptional cases
> >  where it goes wrong, but it could be better to correct those after the
> > fact than to have all DSA's waiting on someone finding the time.

Indeed, the current solution doesn't handle DSA-nnnn-x with x > 1.
That is due to the workflow (we try to parse a mail without any strong
structure, while the data are structured in dak / security-tracker, as
far as I understood from Nico Golde).

That's why I consider this script as a very dirty solution. If you have
the data somewhere and parsable with a known and real structure, that
would be much easier and reliable to prepare wml files.

> > One issue I can think of is the archive not being updated at time of
> > message arrival. Perhaps the script can pause for a significant amount of
> > time and then continue processing? Or can we maybe from the message
> > itself predict accurately what a working archive url will be?

IMO, the 20 minutes maximum lag between the message is sent and the
availability in archives is not that critical.

If you consider this lag as a problem :
* reduce the period for building archives of debian-security-annnounce,
  to a few minutes.
* consider that the script will be always online and build the url by
  just incrementing the numbers.

> > Could the web team look into this?
> 
> Is there an update to this?
> For the security-tracker repository I've now made the importing of new
> DSA's automatic, would be a real timesaver if this could also be
> implemented for the website as outlined above.
 
I'm not a DD and don't have access to the machine itself, so the better
I can do is running such a script from my own server.

Maybe some DD can have more informations about implementing such a
script on klecker (aka www-master).

Regards,

-- 
Simon Paillard
Reply to: