Re: Issue in the generation of OVAL definitions at website (was Re: Debian Oval definitions for 2011)
On Thu, Oct 13, 2011 at 12:42:53AM +0200, Javier Fernández-Sanguino Peña wrote:
> On Tue, Oct 11, 2011 at 08:18:30PM -0400, David Prévot wrote:
> > Le 11/10/2011 19:53, Javier Fernández-Sanguino Peña a écrit :
> >
> > > Security Team: would you agree if I modified all the 2010 and 2011 advisories
> > > to include a new tag (which would not be printed, yet) to make it possible to
> > > document which releases were affected by each DSA?
> >
> > Since this information doesn't seem to be available in the DSA mail,
> > couldn't it be gathered directly from the security tracker[0]?
> >
> > 0: http://security-tracker.debian.org/tracker/
>
> The information is there, and is not that difficult to have a program read
> it. These are the blurbs:
Parsing from the DSA/list file is likely more robust, since this is
the place we fix up for eventual later correction and which is used in
the tracker.
You can parse from the DSA/list file in the security tracker.
> > > Web team: if the security team agrees I would update all DSA files from 2135
> > > to 2322 to include that header. That would ensure that we have some OVAL
> > > definitions.
> >
> > If you also take care to update the english/security/parse-advisory.pl
> > script we use to convert DSA mail to publish advisories on the website,
> > so we don't have to manually add those headers in the next ones, I guess
> > it's not a problem on our side (but I wonder where will this information
> > come from).
>
> I can commit to changing the script too once I get approval. If the security
> team does not oppose these changes I will schedule to do the changes probably
> sometime next week.
Please go ahead.
Cheers,
Moritz
Reply to: