
Re: self-aware security urls



On Wed, Feb 17, 1999 at 11:22:37PM -0500, James A. Treacy wrote:
> I'm still leaning toward simply having the security pages link the relevant
> page in the Packages section of the web site and deal with linking packages
> in proposed-updates directory there. Only security updates are supposed to
> make it into that directory so there should be no problem using packages
> from there.

But there's still the issue of package stability. The stuff in
proposed-updates isn't necessarily ready to go into the dist yet. And we have
in the past had stuff in the updates dir that wasn't security-related (I don't
know if that's still the case.) And that still doesn't address the issue of
making it easy to get the package. We don't want to remove reference to the
old package until the new package is in stable. So does the package page have
an explanation of what the difference between the packages is so people know
what to download? 

Another case is a package with multiple security problems.
Let's say the first one is a remote root exploit for a part of the package
that is commonly used. This fix makes it to stable in due course. Later,
another problem is discovered in a part of the package that is normally not
active. I'd like the link on the page for the first security report to
reference the stable package, and the link on the later security report to
reference the second package. Why? So a person doesn't download a potentially
unstable package that fixes a problem that's not relevant to him.

> The only problem with the Package section of the web site is it is still
> i386 specific. :(

That's a big problem, and that's another area I'm not sure how to handle.
Perhaps 'download i386' and 'download m68k' buttons? Or separate entry points?

> BTW, Michael, you haven't gotten back to me with any other common phrases
> that may be used in the security pages that should have translations. Does
> that mean you are happy with the list I posted?

I haven't thought of anything else yet. We can always add more later, right?

OTOH, what I'm considering for this link thing is a syntax like this:
<fixlink package=foo vers=foo dist=stable,unstable,frozen
arch=i386,m68k,alpha,powerpc section=e.g.,net>

That is, this tag goes ahead and generates the link matrix of dists, source,
debs, etc. If that's the case, then some of the multilingual tags would get
folded into here.

Mike Stone
