Bug#859123: automating process for publishing DLAs on the website

To: 859123@bugs.debian.org
Subject: Bug#859123: automating process for publishing DLAs on the website
From: Lev Lamberov <dogsleg@debian.org>
Date: Tue, 20 Nov 2018 11:30:45 +0500
Message-id: <[🔎] 87in0sl0q2.fsf@debian.org>
Reply-to: Lev Lamberov <dogsleg@debian.org>, 859123@bugs.debian.org
In-reply-to: <[🔎] 877eh87gsh.fsf@curie.anarc.at>
References: <149088408587.22278.6096084949659513738.reportbug@curie.anarc.at> <handler.859123.B.149088408922267.ack@bugs.debian.org> <149088408587.22278.6096084949659513738.reportbug@curie.anarc.at> <[🔎] 877eh87gsh.fsf@curie.anarc.at> <149088408587.22278.6096084949659513738.reportbug@curie.anarc.at>

Hi,

Пн 19 ноя 2018 @ 19:07 Antoine Beaupré <anarcat@debian.org>:

> Few of you might already know that DLAs are *supposed* to show up in
> there as well, and did for a while. For example, here's a few DLAs in
> 2014:
>
> https://www.debian.org/security/2014/
>
> The process broke down a while back, and reasons don't matter. We need
> to figure out how to fix this.
>
> So I opened #859122 to import the missing DLAs and I've made good
> progress.
>
> But I've opened this bug report (#859123) to fix the process. So far,
> the idea we had was to make LTS contributors submit a patch to the
> website as part of the DLA publication process. You'd run the little
> "parse-dla.pl" script which would create two files in the webwml git
> repository, separate from the security tracker! that's where the
> debian.org website lives.. Then you'd commit those and send a merge
> request to the project (or just push if you have the rights). The
> webmaster folks seemed to be open to grant us access to the repo to
> remove friction as well..
>
> How does that sound?
>
> Another thing I thought we could do would be to hook that script into a
> mailbox that would receive mail from the debian-lts-announce list and
> automatically publish the results into git. But so far my efforts at
> automating things on Debian infrastructure have mostly failed, so I'm
> not sure it's the way to go. Besides, the parse-dsa.pl script isn't
> exactly solid, and don't like the idea of parsing arbitrary input like
> this without a human oversight. But it would certainly reduce friction
> to a minimum, which I like.
>
> Any other ideas?

DSAs are also imported by hand with the help of "parse-advisory.pl",
there are always some folks in webwml or security team who can do this.
The difference between DSAs and DLAs is that the former is somewhat
standartized and can be parsed semi-automatically. It is not always the
case with the latter, that is the mentioned "parse-dla.pl" may just
throw an error because of some unusual markup or something. But let me
stress that even in case of DSAs parsing does not always performs well,
and adding a new DSA to the webwml requires checking it beforehand and
sometimes fixing html/wml tags.

I hope that LTS team _together_ with the Debian Security team will be
able to find a common concise markup format which will become a standard
both for DSAs and DLAs, and which could be easily and unambiguously
parsed, so automatic processing would be possible.

Regards,
Lev

Reply to:

References:
- Bug#859123: automating process for publishing DLAs on the website
  - From: Antoine Beaupré <anarcat@debian.org>

Prev by Date: Bug#859123: automating process for publishing DLAs on the website
Next by Date: Bug#859123: automating process for publishing DLAs on the website
Previous by thread: Bug#859123: automating process for publishing DLAs on the website
Next by thread: Bug#859123: automating process for publishing DLAs on the website
Index(es):
- Date
- Thread