Hi, Пн 19 ноя 2018 @ 19:07 Antoine Beaupré <anar...@debian.org>:
> Few of you might already know that DLAs are *supposed* to show up in > there as well, and did for a while. For example, here's a few DLAs in > 2014: > > https://www.debian.org/security/2014/ > > The process broke down a while back, and reasons don't matter. We need > to figure out how to fix this. > > So I opened #859122 to import the missing DLAs and I've made good > progress. > > But I've opened this bug report (#859123) to fix the process. So far, > the idea we had was to make LTS contributors submit a patch to the > website as part of the DLA publication process. You'd run the little > "parse-dla.pl" script which would create two files in the webwml git > repository, separate from the security tracker! that's where the > debian.org website lives.. Then you'd commit those and send a merge > request to the project (or just push if you have the rights). The > webmaster folks seemed to be open to grant us access to the repo to > remove friction as well.. > > How does that sound? > > Another thing I thought we could do would be to hook that script into a > mailbox that would receive mail from the debian-lts-announce list and > automatically publish the results into git. But so far my efforts at > automating things on Debian infrastructure have mostly failed, so I'm > not sure it's the way to go. Besides, the parse-dsa.pl script isn't > exactly solid, and don't like the idea of parsing arbitrary input like > this without a human oversight. But it would certainly reduce friction > to a minimum, which I like. > > Any other ideas? DSAs are also imported by hand with the help of "parse-advisory.pl", there are always some folks in webwml or security team who can do this. The difference between DSAs and DLAs is that the former is somewhat standartized and can be parsed semi-automatically. It is not always the case with the latter, that is the mentioned "parse-dla.pl" may just throw an error because of some unusual markup or something. But let me stress that even in case of DSAs parsing does not always performs well, and adding a new DSA to the webwml requires checking it beforehand and sometimes fixing html/wml tags. I hope that LTS team _together_ with the Debian Security team will be able to find a common concise markup format which will become a standard both for DSAs and DLAs, and which could be easily and unambiguously parsed, so automatic processing would be possible. Regards, Lev
