
Security information

Good morning,

I'm a little bit unhappy with our security page.

I'd like to have some more information shown on them.  I think the
user should be able to see which packages / programs are affected at
once - without reading the brief description.  I'd also like to have
timestamps to each report so one sees when that bug was reported and
when it was fixed.

There's also one thing that I miss very much.  The user does not see
if Debian 1.3.1 (replace with the actual version) is fixed or not.  In
the case of suidperl the security webpage says that it is fixed in
perl-suid 5.004 or later.  BUT 1.3.1 is still vulnerable as it still
contains perl 5.003.  After looking at the web page I would have
thought that bo was fixed, but it's not.

I'd like to see which release of Debian contains the fixed package or
if it was just uploaded to unstable and the user has to
compile/package it himself.

I'm not quite sure if it is good to have a full listing of the
security reports on one page or if it would be more convenient to only
have a very short listing of security reports with a timestamp and a
note "vulnerable or not" and "fixed in" and referring to another page
containing the whole report.

I've tried this and generated an index page but I'm still not sure if
it's better.  It looks quite good with lynx but...

I've noticed that some security reports are referring to mails from
various security lists.  I highly appreciate this but I'd like to have
these mails converted into html, showing its source and containing our
head (=logo) and foot.  Do you think this could be possible?

As I'm interested in improving the pages I played a little bit with
them.  Please feel free to take a look at the results.  You can see
what looks better if you are able to see the pages.

Here's the improved version of the main security page, containing a
short index and referring to each report:


Here's the modified security.html that contains some additional fields
for each report.


Both sets of pages are not fully converted.  They're just an example.



  / Martin Schulze  *  joey@infodrom.north.de  *  26129 Oldenburg /
 /              Whenever you meet yourself you're in a time loop /
/ http://home.pages.de/~joey/           or in front of a mirror /
