Re: DLAs in the website: some updates and issues

To: Laura Arjona Reina <larjona@debian.org>
Cc: Markus Koschany <apo@debian.org>, debian-lts@lists.debian.org, debian-www <debian-www@lists.debian.org>
Subject: Re: DLAs in the website: some updates and issues
From: Sylvain Beucler <beuc@beuc.net>
Date: Fri, 29 Mar 2019 15:15:22 +0100
Message-id: <[🔎] 577bcdec-a7af-6b15-1514-20434c54a820@beuc.net>
In-reply-to: <[🔎] 20190318145622.z3f3f3fbgon3bbcn@mail.beuc.net>
References: <[🔎] aeae0c6b-fdd9-2492-9a25-9ac06ac7b849@debian.org> <[🔎] e39a9f5b-86b8-2163-74a6-1f4ad341f97a@debian.org> <[🔎] abbf612a-4105-5475-d53f-43a5f316fd90@debian.org> <[🔎] 20190318145622.z3f3f3fbgon3bbcn@mail.beuc.net>

Hi,

On 18/03/2019 15:56, Sylvain Beucler wrote:
> On Thu, Mar 07, 2019 at 08:02:18PM +0100, Laura Arjona Reina wrote:
>> El 5/3/19 a las 16:07, Markus Koschany escribió:
>>> thank your for your work on our website. Ideally we would like to make
>>> the whole process fully automatic without the need for any manual
>>> interaction. 
>> This is being discussed in #859123: automate import of DLAs and DSAs in
>> www.debian.org
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123
>>
>> In particular, I think this message from Lev Lamberov is relevant:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123#20
>>
>>> Can you tell us more about the current work flow of our DSA
>>> announcements on the front page? 
>> DSAs are manually imported by a web team member or a security team
>> member, using the parse_advisory.pl script.
>>
>>> Does someone from the webteam reviews
>>> the generation by hand? 
>> Usually yes, but also, as it is noted in Lev's message, I think the
>> format of DSA is more standard.
> I had a look at parse-dla.pl / parse-advisory.pl, and let's face it:
> it's a bunch of ad-hoc regexps that happen to work. Most of the times.
>
> I couldn't find a satisfying way to fix the trailing </li></ul>
> recurring bug.

FYI I tracked down the difference ("For the (old)stable" vs. "For Debian
X") and adapted the regexp.
This confirms DLA formatting is on par with DSA's, the conversion script
is just fragile.


>>> I'm sure we can improve the current parse-dla.pl
>>> script and fix those markup bugs. We also thought about downloading the
>>> announcements from  https://lists.debian.org/debian-lts-announce/ and
>>> then create the DLA on the web page automatically. Is this a viable plan?
>>>
>> I don't know.
>>
>> I guess that if the security team does not that already it's probably
>> because of a reason (or maybe because nobody in the web team could find
>> the time+skills+motivation needed to make it possible...).
> So the core issue is taking a text mail and automagically generate a
> HTML equivalent.
>
> Lev suggested 4 months ago that LTS and DebSec work on a common
> mark-up format.  We could attempt to switch to MarkDown, but from
> experience it breaks easily, especially wrt newlines.
>
> Alternatively, a simple answer would be to keep the headers parsing
> (Package/Version/CVE ID/Debian Bug) but import the free-form
> description text verbatim as a monospace block (such as <code>).
> i.e. stop coping with ul/li, just auto-link https://... bits.
>
> I don't suggest merely linking the list archives, since AFAIU there is
> demand for advisories translations (if there isn't, though, a link
> would be enough IMHO).
>
> What do you think?
>
> Cheers!
> Sylvain

Reply to:

References:
- DLAs in the website: some updates and issues
  - From: Laura Arjona Reina <larjona@debian.org>
- Re: DLAs in the website: some updates and issues
  - From: Markus Koschany <apo@debian.org>
- Re: DLAs in the website: some updates and issues
  - From: Laura Arjona Reina <larjona@debian.org>
- Re: DLAs in the website: some updates and issues
  - From: Sylvain Beucler <beuc@beuc.net>

Prev by Date: Re: jessie-updates gone
Next by Date: Re: jessie-updates gone
Previous by thread: Re: DLAs in the website: some updates and issues
Next by thread: Re: DLAs in the website: some updates and issues
Index(es):
- Date
- Thread