fixing links for DLAs in the security tracker

To: debian-lts@lists.debian.org
Subject: fixing links for DLAs in the security tracker
From: anarcat@orangeseeds.org (Antoine Beaupré)
Date: Tue, 28 Mar 2017 16:08:19 -0400
Message-id: <[🔎] 87inmtb1vw.fsf@curie.anarc.at>

I constantly find myself struggling to find the actual DLA announcements
when I browse the security tracker. Take for example:

https://security-tracker.debian.org/tracker/CVE-2016-8743

If you click on the DSA there:

https://security-tracker.debian.org/tracker/DSA-3796-1

You have a nice "Source" link that brings you to:

https://www.debian.org/security/2017/dsa-3796

Yet the DLA page doesn't have that feature:

https://security-tracker.debian.org/tracker/DLA-841-1

It's rather frustrating because then you need to dig around the mailing
list archives - at this point I usually give up and punch the DLA string
into my search engine or notmuch. But for our users and other security
researchers, this must be even more confusing.

Our Development instructions explicitly say this, but *why* don't we
save the DLA template into SVN? It would be nice way for the security
tracker to have access to it.

Alternatively, should we patch the security tracker to point to a search
engine for the DLA ID?

What's a canonical link for DLA announcements anyways?

Thanks for any feedback,

A.

-- 
Nothing incites to money-crimes like great poverty or great wealth.
                        - Mark Twain

Reply to:

Follow-Ups:
- Re: fixing links for DLAs in the security tracker
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download
Next by Date: Re: Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download
Previous by thread: skipping clean on host when building in a chroot
Next by thread: Re: fixing links for DLAs in the security tracker
Index(es):
- Date
- Thread