• upcoming changes of the web pages /security and /lts/security

    From Thomas Lange@21:1/5 to All on Thu Dec 7 20:40:01 2023
    XPost: linux.debian.www

    Hi all,

    in the past, all security-related lists (like the N recent security
    advisories, cross-references, RSS feeds, OVAL) were using the .wml and
    .data files which exist for each DSA and DLA. These two files are
    still created manually for each DSA and DLA.

    After talking to the security team, my goal is to remove the need for
    this manual work and generate all information automatically from the
    primary security sources from the Debian Security Tracker. This also
    makes the security information available to our users earlier,
    without waiting for someone to prepare the .wml and .data files.


    The changes will affect the webwml repository under /security/ and /lts/security/.


    What's already done

    - The new lists of DSA/DLA are currently available under
    https://www.debian.org/security/new.html#DSAS
    https://www.debian.org/lts/security/new.html#DLAS

    The two new.html pages will replace the current index.html pages
    https://www.debian.org/security/index.html and
    https://www.debian.org/lts/security/index.html

    - The new list of recent security announcements now includes a
    link to the security tracker and the original announcement
    mails. The latter link is a completely new feature of the web pages.

    - The RSS security feeds for DSA and DLA are not generated from the
    .wml/.data files any more but by using our new script mk-dsa-dla-list.
    The RSS content now includes a link to the security tracker and to the
    announcement mail.
    Since the change on Nov 16th we did not get any complaints about this.

    - The OVAL files are generated without using the .data and .wml files.
    We now parse DebianSecTracker.json and /data/DSA/list from the sec-tracker.
    Thanks to Carsten for implementing this. The OVAL XML files now have
    fewer errors but still are not perfect, because they never included
    information from DLA for older releases.

    - A new collection of sources of security information
    https://www.debian.org/security/new.html#infos
    including examples of how to access DSA, DLA and CVE information.


    TODO:

    - security/new.wml and lts/security/new.wml will replace the corresponding index.wml
    - we need more translations for these two new wml files (hints for
    translators see below)
    - The cross-references will be removed and can easily be replaced by using
    data/DSA/list which is easy to parse and read.

    - Create new apache redirects. Currently we have
    www.d.org/security/dsa-<number> (only lowercase)
    to www.d.o/security/<year>/dsa-<number>
    - Currently there's no similar redirect for the DLA
    - NEW redirects
    redirect www.d.org/security/dsa-<number> to the announcement mail at
    lists.debian.org/debian-security-announce/<year>/<message-id>
    A script for generating the map file already exists.
    We will do this also for the DLA.

    - all security/<year>/, key-rollover/ and undated/ files will be removed
    - We will keep 2020-GRUB-UEFI-SecureBoot/ and 2021-GRUB-UEFI-SecureBoot/
    - No more translations of security advisories are needed
    In 2023 we had only French translations of the DSA/DLA. No
    other language did any translation of this information in 2023.
    French indeed translated ALL DSA/DLA. Wow!
    Thanks a lot to the French translators for this great work.
    - We will keep the sec announcements and translations of 2023 for
    another 6 months before deleting them.
    Older translations will be removed in a few weeks after all changes
    were made.

    - The translators are asked to prepare security/new.wml
    and lts/security/new.wml for their language. We will remove the old
    index.wml for languages which do not provide translations for the
    new pages.

    Here are some more infos, how I created the new.wml files:

    english/security/new.wml is a copy of english/security/index.wml with some changes.
    You will see the change history (including a rename from dsa.wml to new.wml) by
    $ git log -p --follow 3160b3931961~1.. new.wml

    For lts/security/new.wml use
    $ git log -p --follow a1010f1cb6fd~1.. new.wml



    A side effect of the removal of the thousands of DSA/DLA will be that
    our search engine will present better results. E.g. if you search
    for "security AND tracker" most results (of the 2000) are links to DSA
    and DLA, but no information about our security tracker.
    Another example of a bad search result: for "firefox" the first 10 hits you get are DSA from 2005 to 2007.
    Another example: a search for "gnome" will list a lot of old DSA for iceweasel, icedove and other packages.

    If you have any comments, feel free to contact me.

    --
    best regards Thomas
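
The message says the cross-references can be replaced by parsing data/DSA/list. The sketch below is an added example, not part of the original mail and not the webwml or security tracker code: it parses that kind of list and rebuilds a CVE-to-advisory cross-reference. The file layout, the function names `parse_list` and `cross_reference`, and every value in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed layout of data/DSA/list: a header line
# per advisory, then tab-indented CVE and per-release lines. All ids made up.
SAMPLE = (
    "[07 Dec 2023] DSA-9002-1 examplepkg - security update\n"
    "\t{CVE-2099-0001 CVE-2099-0002}\n"
    "\t[bookworm] - examplepkg 1.2-3+deb12u1\n"
    "\t[bullseye] - examplepkg 1.0-1+deb11u4\n"
    "[05 Dec 2023] DSA-9001-1 otherpkg - security update\n"
    "\t{CVE-2099-0002}\n"
    "\t[bookworm] - otherpkg 4.5-1+deb12u2\n"
    "[01 Dec 2023] DSA-9000-1 nocvepkg - security update\n"
    "\t[bookworm] - nocvepkg 2.0-1+deb12u1\n"
)
HEADER = re.compile(r"^\[(\d{2} \w{3} \d{4})\] (D[SL]A-\d+(?:-\d+)?) (\S+)(?: - (.*))?$")
FIXED = re.compile(r"^\[(\w+)\] - (\S+) (\S+)$")

def parse_list(text):
    """Return one dict per advisory; fail loudly on an unknown header line."""
    advisories = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new advisory
            m = HEADER.match(line)
            if not m:
                raise ValueError(f"line {lineno}: unrecognised header {line!r}")
            advisories.append({"id": m[2], "date": m[1], "package": m[3],
                               "cves": [], "fixed": {}})
            continue
        if not advisories:
            raise ValueError(f"line {lineno}: detail line before any header")
        body, current = line.strip(), advisories[-1]
        if body.startswith("{") and body.endswith("}"):
            current["cves"] += body[1:-1].split()
        elif m := FIXED.match(body):
            current["fixed"].setdefault(m[1], {})[m[2]] = m[3]
        # any other indented line (for example a note) is skipped
    return advisories

def cross_reference(advisories):
    """Map each CVE id to the advisories that mention it, in file order."""
    by_cve = defaultdict(list)
    for adv in advisories:
        for cve in adv["cves"]:
            by_cve[cve].append(adv["id"])
    return dict(by_cve)
```

Rejecting an unrecognised header instead of skipping it keeps a format change in the list from silently dropping advisories from the generated cross-reference.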
