[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DLAs in the website: some updates and issues


On 18/03/2019 15:56, Sylvain Beucler wrote:
> On Thu, Mar 07, 2019 at 08:02:18PM +0100, Laura Arjona Reina wrote:
>> El 5/3/19 a las 16:07, Markus Koschany escribió:
>>> thank your for your work on our website. Ideally we would like to make
>>> the whole process fully automatic without the need for any manual
>>> interaction. 
>> This is being discussed in #859123: automate import of DLAs and DSAs in
>> www.debian.org
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123
>> In particular, I think this message from Lev Lamberov is relevant:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123#20
>>> Can you tell us more about the current work flow of our DSA
>>> announcements on the front page? 
>> DSAs are manually imported by a web team member or a security team
>> member, using the parse_advisory.pl script.
>>> Does someone from the webteam reviews
>>> the generation by hand? 
>> Usually yes, but also, as it is noted in Lev's message, I think the
>> format of DSA is more standard.
> I had a look at parse-dla.pl / parse-advisory.pl, and let's face it:
> it's a bunch of ad-hoc regexps that happen to work. Most of the times.
> I couldn't find a satisfying way to fix the trailing </li></ul>
> recurring bug.

FYI I tracked down the difference ("For the (old)stable" vs. "For Debian
X") and adapted the regexp.
This confirms DLA formatting is on par with DSA's, the conversion script
is just fragile.

>>> I'm sure we can improve the current parse-dla.pl
>>> script and fix those markup bugs. We also thought about downloading the
>>> announcements from  https://lists.debian.org/debian-lts-announce/ and
>>> then create the DLA on the web page automatically. Is this a viable plan?
>> I don't know.
>> I guess that if the security team does not that already it's probably
>> because of a reason (or maybe because nobody in the web team could find
>> the time+skills+motivation needed to make it possible...).
> So the core issue is taking a text mail and automagically generate a
> HTML equivalent.
> Lev suggested 4 months ago that LTS and DebSec work on a common
> mark-up format.  We could attempt to switch to MarkDown, but from
> experience it breaks easily, especially wrt newlines.
> Alternatively, a simple answer would be to keep the headers parsing
> (Package/Version/CVE ID/Debian Bug) but import the free-form
> description text verbatim as a monospace block (such as <code>).
> i.e. stop coping with ul/li, just auto-link https://... bits.
> I don't suggest merely linking the list archives, since AFAIU there is
> demand for advisories translations (if there isn't, though, a link
> would be enough IMHO).
> What do you think?
> Cheers!
> Sylvain

Reply to: