Re: Proposed refactoring of the per-release tracker pages

[Michael Gilbert <michael.s.gilbert@gmail.com>]

On Fri, 8 Jan 2010 19:26:01 +0100 Francesco Poli wrote:

> On Fri, 8 Jan 2010 17:40:48 +0100 Moritz Muehlenhoff wrote:
> 
> > Michael Gilbert wrote:
> > > In order to address some usability, clutter, and transparancy issues
> > > with the tracker, I propose to make the following changes:
> > > 
> > > 1.  By default, the per-release pages (e.g. [0]) will only show low,
> > > medium, and high urgencies.
> > 
> > Plus issues where no severity is set. By default issues which are set
> > <no-dsa> should not be displayed as well, since they're triaged security-wise.
> 
> Moritz, do I understand correctly that what you propose here is that
> the default views stay the same as they have been for a long time until
> recently (except for the <no-dsa> tag)?
> 
> If this is the case, then I agree with you.
> 
> Anyway, I personally would like to have a URL to show the issues that
> have been shown by default until recently: even if it will no longer be
> the default view, I think that it is important to have a URL that shows
> the same categories of issues that have been so far shown by default,
> for consistency with past data.
> 
> For instance, I have a script that fetches those per-release tracker
> pages and updates a graphical plot showing per-release numbers of
> vulnerabilities vs. time.
> I can update the URLs in my script, but I would like to keep data
> consistency...

I don't think that there should be any requirement for backwards
compatibility.  Scraping the tracker pages is probably not the best way
to parse info.  You could use debsecan or ideally svn.  I understand
that you have issues with svn, so another option is the html interface
at [0].

Mike

[0] http://svn.debian.org/wsvn/secure-testing