Re: Issue in the generation of OVAL definitions at website (was Re: Debian Oval definitions for 2011)
On Thu, Oct 13, 2011 at 12:42:53AM +0200, Javier Fernández-Sanguino Peña wrote:
> On Tue, Oct 11, 2011 at 08:18:30PM -0400, David Prévot wrote:
> > Le 11/10/2011 19:53, Javier Fernández-Sanguino Peña a écrit :
> > > Security Team: would you agree if I modified all the 2010 and 2011 advisories
> > > to include a new tag (which would not be printed, yet) to make it possible to
> > > document which releases were affected by each DSA?
> > Since this information doesn't seem to be available in the DSA mail,
> > couldn't it be gathered directly from the security tracker?
> > 0: http://security-tracker.debian.org/tracker/
> The information is there, and is not that difficult to have a program read
> it. These are the blurbs:
Parsing from the DSA/list file is likely more robust, since this is
the place we fix up for eventual later correction and which is used in
You can parse from the DSA/list file in the security tracker.
> > > Web team: if the security team agrees I would update all DSA files from 2135
> > > to 2322 to include that header. That would ensure that we have some OVAL
> > > definitions.
> > If you also take care to update the english/security/parse-advisory.pl
> > script we use to convert DSA mail to publish advisories on the website,
> > so we don't have to manually add those headers in the next ones, I guess
> > it's not a problem on our side (but I wonder where will this information
> > come from).
> I can commit to changing the script too once I get approval. If the security
> team does not oppose these changes I will schedule to do the changes probably
> sometime next week.
Please go ahead.