Re: DLAs in the website: some updates and issues
On 18/03/2019 15:56, Sylvain Beucler wrote:
> On Thu, Mar 07, 2019 at 08:02:18PM +0100, Laura Arjona Reina wrote:
>> On 5/3/19 at 16:07, Markus Koschany wrote:
>>> thank you for your work on our website. Ideally we would like to make
>>> the whole process fully automatic without the need for any manual
>> This is being discussed in #859123: automate import of DLAs and DSAs in
>> In particular, I think this message from Lev Lamberov is relevant:
>>> Can you tell us more about the current work flow of our DSA
>>> announcements on the front page?
>> DSAs are manually imported by a web team member or a security team
>> member, using the parse_advisory.pl script.
>>> Does someone from the webteam review
>>> the generation by hand?
>> Usually yes, but also, as it is noted in Lev's message, I think the
>> format of DSA is more standard.
> I had a look at parse-dla.pl / parse-advisory.pl, and let's face it:
> it's a bunch of ad-hoc regexps that happen to work. Most of the time.
> I couldn't find a satisfying way to fix the trailing </li></ul>
> recurring bug.
FYI I tracked down the difference ("For the (old)stable" vs. "For Debian
X") and adapted the regexp.
This confirms DLA formatting is on par with DSA's, the conversion script
is just fragile.
>>> I'm sure we can improve the current parse-dla.pl
>>> script and fix those markup bugs. We also thought about downloading the
>>> announcements from https://lists.debian.org/debian-lts-announce/ and
>>> then create the DLA on the web page automatically. Is this a viable plan?
>> I don't know.
>> I guess that if the security team does not do that already it's probably
>> because of a reason (or maybe because nobody in the web team could find
>> the time+skills+motivation needed to make it possible...).
> So the core issue is taking a text mail and automagically generating an
> HTML equivalent.
> Lev suggested 4 months ago that LTS and DebSec work on a common
> mark-up format. We could attempt to switch to Markdown, but from
> experience it breaks easily, especially wrt newlines.
> Alternatively, a simple answer would be to keep the headers parsing
> (Package/Version/CVE ID/Debian Bug) but import the free-form
> description text verbatim as a monospace block (such as <code>).
> i.e. stop coping with ul/li, just auto-link https://... bits.
> I don't suggest merely linking the list archives, since AFAIU there is
> demand for advisories translations (if there isn't, though, a link
> would be enough IMHO).
> What do you think?
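
The "keep the headers, import the description verbatim" approach proposed above, as an added sketch that is not part of the thread and is not parse-dla.pl or parse-advisory.pl. It assumes a "Name : value" header layout with indented continuation lines, uses `<pre>` as the monospace block, and runs on a constructed sample advisory.

```python
import html
import re

# Header names come from the message above; the "Name : value" layout is an assumption.
HEADERS = ("Package", "Version", "CVE ID", "Debian Bug")
HEADER_RE = re.compile(r"^(%s)\s*:\s*(.*)$" % "|".join(map(re.escape, HEADERS)))
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def split_advisory(text):
    """Return (headers dict, free-form body) from a plain-text advisory."""
    headers, body, last, in_body = {}, [], None, False
    for line in text.splitlines():
        m = None if in_body else HEADER_RE.match(line)
        if in_body:
            body.append(line)                      # body is kept verbatim
        elif m:
            last = m.group(1)
            headers[last] = m.group(2).strip()
        elif last and line[:1].isspace() and line.strip():
            headers[last] += " " + line.strip()    # indented continuation line
        elif headers and not line.strip():
            in_body = True                         # first blank line after headers
    return headers, "\n".join(body).strip("\n")

def render_body(body):
    """Escape all mail text, then wrap URLs in links; no mail markup reaches the page."""
    out, pos = [], 0
    for m in URL_RE.finditer(body):
        url = m.group(0).rstrip(".,;:)")           # drop trailing sentence punctuation
        out.append(html.escape(body[pos:m.start()]))
        out.append('<a href="%s">%s</a>' % (html.escape(url), html.escape(url)))
        pos = m.start() + len(url)
    out.append(html.escape(body[pos:]))
    return "<pre>" + "".join(out) + "</pre>"

# Constructed sample; package name, version and CVE ids are placeholders.
SAMPLE = """\
Package        : examplepkg
Version        : 1.2-3+deb0u1
CVE ID         : CVE-0000-0001
                 CVE-0000-0002

A flaw was found in <b>examplepkg</b> & friends.

For Debian 0 "Example", see https://example.org/tracker?a=1&b=2.
"""

if __name__ == "__main__":
    hdrs, text = split_advisory(SAMPLE)
    print(hdrs)
    print(render_body(text))
```

Because the body is escaped before any link is inserted, the only tags in the output are the ones the converter itself writes, so there is no list markup left to leave unclosed.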