[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: automating process for publishing DLAs on the website

On 2018-12-19 18:05:36, Antoine Beaupré wrote:
> On 2018-12-19 11:09:10, Antoine Beaupré wrote:
>> On 2018-12-19 14:58:29, Holger Levsen wrote:
>>> On Wed, Dec 19, 2018 at 09:52:19AM -0500, Antoine Beaupré wrote:
>>>> > I also note #859122 is not marked 'patch'.
>>>> fixed.
>>> :)
>>>> >> I've requested access as an individual, for what that's worth.
>>>> > you were given access a week ago, too. \o/
>>>> yup. I guess I could just merge my own patches now... or do you want to
>>>> review them and do that instead, so we can get at least a second pair of
>>>> eyes on them?
>>> I just briefly reviewed them (not being a debian-www expert) and they
>>> a.) looked good and b.) only affect our areas, so I do think you should
>>> merge them.
>> i merged both patches, but it doesn't look like the change showed up on
>> the main website yet:
>> https://www.debian.org/security/2018/
>> ... doesn't list any DLA, and those are both 404s:
>> https://www.debian.org/security/2018/dla-1580
>> https://www.debian.org/security/2018/dla-1561
> This is actually processed every few hours, not directly after the CI
> runs.
> The DLAs are visible here:
> https://www-staging.debian.org/security/2018/dla-1580
> One thing that's unclear is how the entries get added to the main list
> in:
> https://www-staging.debian.org/security/2018/
> That still needs to be cleared up. In the meantime, I did do a mass
> import here:
> https://salsa.debian.org/webmaster-team/webwml/merge_requests/47

Sigh. I forgot to add that one issue that came up is duplicates: even
though the security tracker enforces unique DLA identifiers fairly well,
human error still creeps in and leads to duplicate DLA identifiers in
the wild. This will make automation harder: the current parser croaks
out on duplicate identifiers (and rightly so).

I guess we can just punt that back to the humans: they just need to
issue a new advisory with the correct identifier.

The problem is this is first come, first serve: if DLA X is claimed by
alice and bob comes in and publishes DLA X before alice has time to send
the mail, DLA X is on the website and can't be reverted by the script
and will need manual correction. I am worried this will be forgetten in
the future...

The difference between a democracy and a dictatorship is that in a
democracy you vote first and take orders later; in a dictatorship you
don't have to waste your time voting.
                         - Charles Bukowski

Reply to: