Hi all,

in the past, all security-related lists (like the N recent security advisories, crossreferences, RSS feeds, OVAL) were using the .wml and .data files which exist for each DSA and DLA. These two files are still created manually for each DSA and DLA.

After talking to the security team, my goal is to remove the need for this manual work and generate all information automatically from the primary security sources from the Debian Security Tracker. This also makes the security information available earlier to our users without waiting for someone to prepare the .wml and .data files.

The changes will affect the webwml repository under /security/ and /lts/security/.

What's already done

- The new lists of DSA/DLA are currently available under
  https://www.debian.org/security/new.html#DSAS
  https://www.debian.org/lts/security/new.html#DLAS
  The two new.html pages will replace the current index.html pages https://www.debian.org/security/index.html and https://www.debian.org/lts/security/index.html
- The new list of recent security announcements now includes a link to the security tracker and the original announcement mails. The latter link is a completely new feature of the web pages.
- The RSS security feeds for DSA and DLA are not generated from the .wml/.data files any more but using our new script mk-dsa-dla-list. The RSS content now includes a link to the security tracker and to the announcement mail. Since the change on Nov 16th we did not get any complaint about this.
- The OVAL files are generated without using the .data and .wml files. We now parse DebianSecTracker.json and /data/DSA/list from the sec-tracker. Thanks to Carsten for implementing this. The OVAL XML files now have fewer errors but still are not perfect, because they never included information from DLA for older releases.
- A new collection of sources of security information https://www.debian.org/security/new.html#infos including examples of how to access DSA, DLA and CVE information.

TODO:

- security/new.wml and lts/security/new.wml will replace the corresponding index.wml
- we need more translations for these two new wml files (hints for translators see below)
- The crossreferences will be removed and can easily be replaced by using data/DSA/list, which is easy to parse and read.
- Create new apache redirects. Currently we have www.d.org/security/dsa-<number> (only lowercase) to www.d.o/security/<year>/dsa-<number>
- Currently there's no similar redirect for the DLA
- NEW redirects: redirect www.d.org/security/dsa-<number> to the announcement mail at lists.debian.org/debian-security-announce/<year>/<message-id>. A script for generating the map file already exists. We will do this also for the DLA.
- all security/<year>/, key-rollover/ and undated/ files will be removed
- We will keep 2020-GRUB-UEFI-SecureBoot/ and 2021-GRUB-UEFI-SecureBoot/
- No more translations of security advisories are needed. In 2023 we had only French translations of the DSA/DLA. No other language did any translation of this information in 2023. French indeed translated ALL DSA/DLA. Wow! Thanks a lot to the French translators for this great work.
- We will keep the sec announcements and translations of 2023 for another 6 months before deleting them. Older translations will be removed in a few weeks after all changes were made.
- The translators are asked to prepare security/new.wml and lts/security/new.wml for their language. We will remove the old index.wml for languages which do not provide translations for the new pages.

Here is some more info on how I created the new.wml files: english/security/new.wml is a copy of english/security/index.wml with some changes. You will see the change history (including a rename from dsa.wml to new.wml) by

  $ git log -p --follow 3160b3931961~1.. new.wml

For lts/security/new.wml use

  $ git log -p --follow a1010f1cb6fd~1.. new.wml

A side effect of the removal of the thousands of DSA/DLA will be that our search engine will present better results. For example, if you search for "security AND tracker", most results (of the 2000) are links to DSA and DLA, but no information about our security tracker.

Another example of a bad search result: for "firefox", the first 10 hits you get are DSA from 2005 to 2007.

Another example: a search for "gnome" will list a lot of old DSA for iceweasel, icedove and other packages.

If you have any comments, feel free to contact me.

-- 
best regards
Thomas
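
Added example, not part of the original mail and not one of the Debian website scripts: a sketch of how the crossreferences mentioned in the TODO list could be rebuilt by parsing data/DSA/list. The file layout (a dated header line followed by tab-indented CVE and per-release lines) is an assumption, and the advisory numbers, packages and CVE ids in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout assumed for data/DSA/list (not real advisories).
SAMPLE = """\
[02 Jan 2024] DSA-9001-1 examplepkg - security update
\t{CVE-2024-0001 CVE-2024-0002}
\t[bullseye] - examplepkg 1.2-3+deb11u1
\t[bookworm] - examplepkg 1.4-1+deb12u1
[05 Jan 2024] DSA-9002-1 otherpkg - security update
\t{CVE-2024-0002}
\t[bookworm] - otherpkg 2.0-1+deb12u1
[07 Jan 2024] DSA-9003-1 thirdpkg - regression update
\t[bookworm] - thirdpkg 0.9-2+deb12u2
"""

HEADER = re.compile(r"^\[(\d{2} \w{3} \d{4})\] (D[SL]A-\d+(?:-\d+)?) (\S+)(?: - (.*))?$")
CVES = re.compile(r"^\s+\{(.*)\}$")
FIX = re.compile(r"^\s+\[(\w+)\] - (\S+) (\S+)$")

def parse_advisories(text):
    """Return one dict per advisory, in file order; reject malformed headers."""
    advisories = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line: must be a header
            m = HEADER.match(line)
            if not m:
                raise ValueError(f"line {lineno}: unrecognised header: {line!r}")
            advisories.append({"date": m[1], "id": m[2], "package": m[3],
                               "kind": m[4] or "", "cves": [], "fixed": {}})
        elif not advisories:
            raise ValueError(f"line {lineno}: detail line before any header")
        elif m := CVES.match(line):
            advisories[-1]["cves"].extend(m[1].split())
        elif m := FIX.match(line):         # release -> (package, fixed version)
            advisories[-1]["fixed"][m[1]] = (m[2], m[3])
    return advisories                      # other indented lines are ignored

def cve_crossref(advisories):
    """Map each CVE id to the advisories that reference it."""
    xref = defaultdict(list)
    for adv in advisories:
        for cve in adv["cves"]:
            xref[cve].append(adv["id"])
    return dict(xref)
```
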