Re: some parse-advisory.pl updates (was: DSA listings on http://www.debian.org/ are out of date)

To: "Simon Paillard" <simon.paillard@resel.enst-bretagne.fr>
Cc: debian-www@lists.debian.org, security@debian.org
Subject: Re: some parse-advisory.pl updates (was: DSA listings on http://www.debian.org/ are out of date)
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Mon, 7 Jul 2008 21:54:17 +0200 (CEST)
Message-id: <[🔎] 60d302c20f3b75b8a02ecb68540c7b13.squirrel@wm.kinkhorst.nl>
In-reply-to: <[🔎] 20080707175519.GF30847@dedibox.ebzao.info>
References: <871w862ef2.fsf@squeak.fifthhorseman.net> <20080125144313.GA6743@imkf-pc073.imkf.tu-freiberg.de> <20080125174820.GN21559@dedibox> <20080205200730.GJ11250@dedibox> <20080410223304.GC5130@dedibox.ebzao.info> <20080411104023.GG5130@dedibox.ebzao.info> <82522b7f9a31c76d0fb66232fa9cdf85.squirrel@wm.kinkhorst.nl> <[🔎] c067a59b9d81e33351e85cd6d5593e27.squirrel@wm.kinkhorst.nl> <[🔎] 20080707175519.GF30847@dedibox.ebzao.info>

Hi Simon,

On Mon, July 7, 2008 19:55, Simon Paillard wrote:
> Indeed, the current solution doesn't handle DSA-nnnn-x with x > 1.
> That is due to the workflow (we try to parse a mail without any strong
> structure, while the data are structured in dak / security-tracker, as far
> as I understood from Nico Golde).
>
> That's why I consider this script as a very dirty solution. If you have
> the data somewhere and parsable with a known and real structure, that would
> be much easier and reliable to prepare wml files.

Yes and no.

The current DSA mails are somewhat free-form (this is a quality: special
issues sometimes require special text formatting).

We do have the security-tracker that has structured information on DSA's,
but this information is somewhat limited: it has DSA number, package, CVE
refs, related packages and fixed version in etch. You could reconstruct
most of the current web pages out of it, with notable exception the full
descriptive text. The entries in the security-tracker are also constructed
automatically from the DSA mails[1].

I see the following solutions:

1) Use the current script parse-advisory.pl. It may be ugly but it does the
   trick in nearly all cases. DSA's are committed automatically and the web
   team reads the commit diffs and corrects after the fact if needed.

2) A hybrid approach combining parse-advisory with as much structured
   information as is available. dsa2list could be a good starting point.

3) Only use structured information on the website, and link to the
   mailinglist for the full text. This has the drawback of missing
   translatability but should make it fully automated even without need
   for review.

cheers,
Thijs

[1] http://svn.debian.org/viewsvn/secure-testing/bin/dsa2list

Reply to:

Follow-Ups:
- Re: some parse-advisory.pl updates (was: DSA listings on http://www.debian.org/ are out of date)
  - From: Michael Stone <mstone@debian.org>

References:
- Re: some parse-advisory.pl updates (was: DSA listings on http://www.debian.org/ are out of date)
  - From: "Thijs Kinkhorst" <thijs@debian.org>
- Re: some parse-advisory.pl updates (was: DSA listings on http://www.debian.org/ are out of date)
  - From: Simon Paillard <simon.paillard@resel.enst-bretagne.fr>

Prev by Date: Redirects from old urls (Re: 404 for help request details)
Next by Date: Re: DebianWiki: Template Pages
Previous by thread: Re: some parse-advisory.pl updates (was: DSA listings on http://www.debian.org/ are out of date)
Next by thread: Re: some parse-advisory.pl updates (was: DSA listings on http://www.debian.org/ are out of date)
Index(es):
- Date
- Thread