Bug#137756: www.debian.org: Debian Security Advisories not up to date

To: Daniel Quinlan <quinlan@pathname.com>
Cc: 137756@bugs.debian.org
Subject: Bug#137756: www.debian.org: Debian Security Advisories not up to date
From: Josip Rodin <joy@cibalia.gkvk.hr>
Date: Mon, 11 Mar 2002 02:02:45 +0100
Message-id: <[🔎] 20020311010245.GC31594@cibalia.gkvk.hr>
Reply-to: Josip Rodin <joy@cibalia.gkvk.hr>, 137756@bugs.debian.org
In-reply-to: <15499.64693.725685.109894@proton.pathname.com>
References: <[🔎] E16kBWY-0002KH-00@proton.pathname.com> <20020311003023.GA31594@cibalia.gkvk.hr> <15499.64693.725685.109894@proton.pathname.com>

On Sun, Mar 10, 2002 at 04:39:17PM -0800, Daniel Quinlan wrote:
> >> DSAs should be automatically posted immediately to the web site.
> 
> > There's hardly anything more the web team can do for this <shrug>
> 
> Thanks for adding the DSA.
> 
> However, there is a LOT more the web team could do.  www.kernel.org
> always shows the latest kernels, patches, and changelogs.  It's not
> exactly a technical feat.
> 
> This is really simple.  Subscribe an address to debian-security, have it
> feed into a shell script and if a DSA message is sent out, then post it
> (starting with a link to a plain-text copy of the DSA).  A #include type
> of thing would be one way to include an automatically generated page.
> 
> If you want to later replace the DSA with a marked-up version instead of
> the plain-text copy, fine, but I think getting the message out is the
> most important thing.

The message _is_ out instantly, it's in the list archive on the web within
10 minutes of being posted to the list. Perhaps that particular thing is not
advertized very prominently, but we do advertize the fact you can subscribe
to the mailing list and read the mails in the publically accessible archive.

We don't need another plain text copy on www.d.o, that's suboptimal and
near pointless. (Not to mention butt-ugly :) Those LinuxToday articles
look really lame.) But...

> Another way would be to have the debian-security people more directly
> involved.

... we could use a more automated way to publish the web page excerpts.
I've talked to the security officers several times about this and we have
advanced the advisories' format so that they are mostly parseable. I've
written a script to convert the advisory file into almost-finished WML,
and the files generated by it usually need just a little bit of human
intervention.

I would have gone further in automating it, however, I don't have the
permissions to edit the programs the security team they use to publish an
advisory. In that program it probably wouldn't be much of a problem to split
the advisory information into chunks suited for inclusion in the web page,
and then copy those chunks to the right place, run the right stuff and
make the new stuff go live.

At least one of the security officers, probably two, should be reading this
mailing list. Hint, hint.

-- 
     2. That which causes joy or happiness.

Reply to:

Follow-Ups:
- Bug#137756: www.debian.org: Debian Security Advisories not up to date
  - From: Daniel Quinlan <quinlan@pathname.com>

References:
- Bug#137756: www.debian.org: Debian Security Advisories not up to date
  - From: Daniel Quinlan <quinlan@pathname.com>

Prev by Date: Bug#137756: marked as done (www.debian.org: Debian Security Advisories not up to date)
Next by Date: Bug#137785: How To Set up ssh to not ask for a password is outdated.
Previous by thread: Bug#137756: marked as done (www.debian.org: Debian Security Advisories not up to date)
Next by thread: Bug#137756: www.debian.org: Debian Security Advisories not up to date
Index(es):
- Date
- Thread