
Re: DLAs in the website: some updates and issues


On Thu, Mar 07, 2019 at 08:02:18PM +0100, Laura Arjona Reina wrote:
> On 5/3/19 at 16:07, Markus Koschany wrote:
> > thank you for your work on our website. Ideally we would like to make
> > the whole process fully automatic without the need for any manual
> > interaction. 
> This is being discussed in #859123: automate import of DLAs and DSAs in
> www.debian.org
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123
> In particular, I think this message from Lev Lamberov is relevant:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123#20
> > Can you tell us more about the current work flow of our DSA
> > announcements on the front page? 
> DSAs are manually imported by a web team member or a security team
> member, using the parse_advisory.pl script.
> > Does someone from the webteam review
> > the generation by hand? 
> Usually yes, but also, as it is noted in Lev's message, I think the
> format of DSA is more standard.

I had a look at parse-dla.pl / parse-advisory.pl, and let's face it:
it's a bunch of ad-hoc regexps that happen to work. Most of the time.

I couldn't find a satisfying way to fix the trailing </li></ul>
recurring bug.

> > I'm sure we can improve the current parse-dla.pl
> > script and fix those markup bugs. We also thought about downloading the
> > announcements from  https://lists.debian.org/debian-lts-announce/ and
> > then create the DLA on the web page automatically. Is this a viable plan?
> > 
> I don't know.
> I guess that if the security team does not do that already it's probably
> because of a reason (or maybe because nobody in the web team could find
> the time+skills+motivation needed to make it possible...).

So the core issue is taking a text mail and automagically generating an
HTML equivalent.

Lev suggested 4 months ago that LTS and DebSec work on a common
mark-up format.  We could attempt to switch to Markdown, but from
experience it breaks easily, especially wrt newlines.

Alternatively, a simple answer would be to keep the headers parsing
(Package/Version/CVE ID/Debian Bug) but import the free-form
description text verbatim as a monospace block (such as <code>).
i.e. stop coping with ul/li, just auto-link https://... bits.

I don't suggest merely linking the list archives, since AFAIU there is
demand for advisories translations (if there isn't, though, a link
would be enough IMHO).

What do you think?
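
The alternative proposed above (parse only the headers, import the description verbatim as a monospace block, auto-link https:// URLs) could look like the sketch below. It is an added example, not part of the original mail and not code from parse-dla.pl or parse-advisory.pl; it is written in Python rather than Perl, and the function names, the "Name : value" header layout, the `<pre><code>` wrapper and the sample advisory are assumptions made for illustration. Because the mail text is escaped before it reaches the page, markup in an announcement cannot end up as live HTML.

```python
import html
import re

# Header names are from the mail; the "Name : value" layout and SAMPLE are constructed.
HEADER_RE = re.compile(r"^(Package|Version|CVE ID|Debian Bug)\s*:\s*(.*)$")
URL_RE = re.compile(r"https://[^\s<>\"']+")
SAMPLE = """\
Package        : examplepkg
Version        : 1.0-1+deb8u1
CVE ID         : CVE-0000-00001 CVE-0000-00002
                 CVE-0000-00003
Debian Bug     : 000000

A flaw was found in <examplepkg> & its helpers:
 * see https://example.org/advisory?id=1&lang=en.
"""

def split_advisory(text):
    """Parse the known headers; return (headers, description kept verbatim)."""
    headers, body, last, in_body = {}, [], None, False
    for line in text.splitlines():
        if not in_body:
            m = HEADER_RE.match(line)
            if m:
                last = m.group(1)
                headers[last] = m.group(2).strip()
                continue
            if last and line[:1].isspace() and line.strip():
                headers[last] += " " + line.strip()  # wrapped header value
                continue
            if not headers or not line.strip():
                last = None  # preamble or blank separator line
                continue
            in_body = True
        body.append(line)
    return headers, "\n".join(body).rstrip()

def render_description(text):
    """Escape all text; only https:// URLs become markup, no ul/li guessing."""
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;:)")  # keep sentence punctuation outside the link
        out.append(html.escape(text[pos:m.start()]))
        out.append('<a href="{0}">{0}</a>'.format(html.escape(url)))
        pos = m.start() + len(url)
    out.append(html.escape(text[pos:]))
    return "<pre><code>%s</code></pre>" % "".join(out)

if __name__ == "__main__":
    print(render_description(split_advisory(SAMPLE)[1]))
```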

