Antoine Beaupré
2018-11-20 00:07:26 UTC
Hi!
Many of you probably already know this website and its precious RSS
feed:
https://www.debian.org/security/
Few of you might already know that DLAs are *supposed* to show up in
there as well, and did for a while. For example, here's a few DLAs in
2014:
https://www.debian.org/security/2014/
The process broke down a while back, and reasons don't matter. We need
to figure out how to fix this.
So I opened #859122 to import the missing DLAs and I've made good
progress.
But I've opened this bug report (#859123) to fix the process. So far,
the idea we had was to make LTS contributors submit a patch to the
website as part of the DLA publication process. You'd run the little
"parse-dla.pl" script which would create two files in the webwml git
repository, separate from the security tracker! that's where the
debian.org website lives.. Then you'd commit those and send a merge
request to the project (or just push if you have the rights). The
webmaster folks seemed to be open to grant us access to the repo to
remove friction as well..
How does that sound?
Another thing I thought we could do would be to hook that script into a
mailbox that would receive mail from the debian-lts-announce list and
automatically publish the results into git. But so far my efforts at
automating things on Debian infrastructure have mostly failed, so I'm
not sure it's the way to go. Besides, the parse-dsa.pl script isn't
exactly solid, and don't like the idea of parsing arbitrary input like
this without a human oversight. But it would certainly reduce friction
to a minimum, which I like.
Any other ideas?
Thanks!
A.
Many of you probably already know this website and its precious RSS
feed:
https://www.debian.org/security/
Few of you might already know that DLAs are *supposed* to show up in
there as well, and did for a while. For example, here's a few DLAs in
2014:
https://www.debian.org/security/2014/
The process broke down a while back, and reasons don't matter. We need
to figure out how to fix this.
So I opened #859122 to import the missing DLAs and I've made good
progress.
But I've opened this bug report (#859123) to fix the process. So far,
the idea we had was to make LTS contributors submit a patch to the
website as part of the DLA publication process. You'd run the little
"parse-dla.pl" script which would create two files in the webwml git
repository, separate from the security tracker! that's where the
debian.org website lives.. Then you'd commit those and send a merge
request to the project (or just push if you have the rights). The
webmaster folks seemed to be open to grant us access to the repo to
remove friction as well..
How does that sound?
Another thing I thought we could do would be to hook that script into a
mailbox that would receive mail from the debian-lts-announce list and
automatically publish the results into git. But so far my efforts at
automating things on Debian infrastructure have mostly failed, so I'm
not sure it's the way to go. Besides, the parse-dsa.pl script isn't
exactly solid, and don't like the idea of parsing arbitrary input like
this without a human oversight. But it would certainly reduce friction
to a minimum, which I like.
Any other ideas?
Thanks!
A.
--
Only in the darkness can you see the stars.
- Martin Luther King, Jr.
Only in the darkness can you see the stars.
- Martin Luther King, Jr.