[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Issue in the generation of OVAL definitions at website (was Re: Debian Oval definitions for 2011)

On Tue, Oct 11, 2011 at 08:18:30PM -0400, David Prévot wrote:
> Le 11/10/2011 19:53, Javier Fernández-Sanguino Peña a écrit :
> > Security Team: would you agree if I modified all the 2010 and 2011 advisories
> > to include a new tag (which would not be printed, yet) to make it possible to
> > document which releases were affected by each DSA?
> Since this information doesn't seem to be available in the DSA mail,
> couldn't it be gathered directly from the security tracker[0]?
> 	0: http://security-tracker.debian.org/tracker/

The information is there, and is not that difficult to have a program read
it. These are the blurbs:

<p>For the oldstable distribution (lenny), this problem has been fixed in
version xxxxx.</p>

<p>For the stable distribution (squeeze), this problem has been fixed in
version xxxxxx</p>

> > Web team: if the security team agrees I would update all DSA files from 2135
> > to 2322 to include that header. That would ensure that we have some OVAL
> > definitions.
> If you also take care to update the english/security/parse-advisory.pl
> script we use to convert DSA mail to publish advisories on the website,
> so we don't have to manually add those headers in the next ones, I guess
> it's not a problem on our side (but I wonder where will this information
> come from).

I can commit to changing the script too once I get approval. If the security
team does not oppose these changes I will schedule to do the changes probably
sometime next week.



Attachment: signature.asc
Description: Digital signature

Reply to: