Discussion:
automating process for publishing DLAs on the website
Antoine Beaupré
2018-11-20 00:07:26 UTC
Permalink
Hi!

Many of you probably already know this website and its precious RSS
feed:

https://www.debian.org/security/

Few of you might already know that DLAs are *supposed* to show up in
there as well, and did for a while. For example, here's a few DLAs in
2014:

https://www.debian.org/security/2014/

The process broke down a while back, and reasons don't matter. We need
to figure out how to fix this.

So I opened #859122 to import the missing DLAs and I've made good
progress.

But I've opened this bug report (#859123) to fix the process. So far,
the idea we had was to make LTS contributors submit a patch to the
website as part of the DLA publication process. You'd run the little
"parse-dla.pl" script which would create two files in the webwml git
repository, separate from the security tracker! that's where the
debian.org website lives.. Then you'd commit those and send a merge
request to the project (or just push if you have the rights). The
webmaster folks seemed to be open to grant us access to the repo to
remove friction as well..

How does that sound?

Another thing I thought we could do would be to hook that script into a
mailbox that would receive mail from the debian-lts-announce list and
automatically publish the results into git. But so far my efforts at
automating things on Debian infrastructure have mostly failed, so I'm
not sure it's the way to go. Besides, the parse-dsa.pl script isn't
exactly solid, and don't like the idea of parsing arbitrary input like
this without a human oversight. But it would certainly reduce friction
to a minimum, which I like.

Any other ideas?

Thanks!

A.
--
Only in the darkness can you see the stars.
- Martin Luther King, Jr.
Holger Levsen
2018-11-20 15:30:21 UTC
Permalink
Post by Antoine Beaupré
The process broke down a while back, and reasons don't matter. We need
to figure out how to fix this.
So I opened #859122 to import the missing DLAs and I've made good
progress.
But I've opened this bug report (#859123) to fix the process. So far,
the idea we had was to make LTS contributors submit a patch to the
website as part of the DLA publication process. You'd run the little
"parse-dla.pl" script which would create two files in the webwml git
repository, separate from the security tracker! that's where the
debian.org website lives.. Then you'd commit those and send a merge
request to the project (or just push if you have the rights). The
webmaster folks seemed to be open to grant us access to the repo to
remove friction as well..
How does that sound?
sounds very good to me. thanks for your work on this so far!
Post by Antoine Beaupré
Another thing I thought we could do would be to hook that script into a
mailbox that would receive mail from the debian-lts-announce list and
automatically publish the results into git. But so far my efforts at
automating things on Debian infrastructure have mostly failed, so I'm
not sure it's the way to go. Besides, the parse-dsa.pl script isn't
exactly solid, and don't like the idea of parsing arbitrary input like
this without a human oversight. But it would certainly reduce friction
to a minimum, which I like.
I better like your above proposal than generating data from parsing mails which
we have sent previously.

So I've just requested webwml access from the debian-www folks.
--
cheers,
Holger

-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Loading...