On Mon, Apr 12, 2021 at 08:08:36PM -0500, Douglas R. Reno via blfs-book wrote:
> 
> On 4/12/21 3:00 PM, Pierre Labastie via blfs-book wrote:
> > On Mon, 2021-04-12 at 17:40 +0000, BLFS Trac via blfs-book wrote:
> > > #14887: thunderbird-78.9.1
> > > -------------------------+---------------------
> > >   Reporter:  renodr       |       Owner:  timtas
> > >       Type:  enhancement  |      Status:  closed
> > >   Priority:  normal       |   Milestone:  10.2
> > > Component:  BOOK         |     Version:  SVN
> > >   Severity:  normal       |  Resolution:  fixed
> > >   Keywords:               |
> > > -------------------------+---------------------
> > > 
> > > Comment (by ken@…):
> > > 
> > >   First you need to follow the git editors guide to clone the lfswww
> > >   repository.
> > > 
> > >   Within that, the files are in blfs/advisories/
> > > 
> > >   First go to consolidated.html. There is quite a long commented note
> > >   about what to do.
> > >   Please read that.
> > > 
> > >   After the comments you will find the latest advisory, with older ones
> > >   below it. Note that the id link (above the h4 header) starts sa- to make
> > >   the html validation tool happy, and
> > >   that emphasis is now shown with <em>...</em> instead of <b> or <i>.
> > > 
> > >   It is often easiest to find an earlier link for the same package -
> > >   sa-10.1-012 seems a nice short one, you could copy that as a basis (e.g.
> > >   the links to the books should be correct). In this case the mozilla
> > >   advisory is mfsa2021-13/ and the severity is Medium.
> > > 
> > >   Change the text as necessary, add cve links to nvd, or else to mitre, if
> > >   they exist and are informative. In the general case, start searching for
> > >   other links if nothing was found (for mozilla, the mfsa will normally
> > >   say something, other vulnerabilities might need a summary of what the
> > >   problem is).
> > > 
> > >   When you think you have got the consolidated item correct, check it in
> > >   your browser. If you are doing the edit on your desktop machine, no
> > >   problem. I keep my repos on my local server and render the books via
> > >   apache. In my case I need to set files to point to where the books
> > >   should be rendered, and for advisories and errata I have symlinks
> > >   pointing to the blfs/advisories/ and blfs/errata/ directories (and also
> > >   for lfs).
> > > 
> > >   If the new consolidated item looks ok and the links (both external and
> > >   to the dev books) work, you can then do the second part:
> > > 
> > >   Edit 10.1.html (i.e. the name changes after each release). This is
> > >   ordered alphabetically, except when I've screwed up, and within the
> > >   package newest updates come first.
> > > 
> > >   You will see there is a commented <h3>PackageName</h3> as a guide. We
> > >   now have sa- id's on each item, which allows links to other packages if
> > >   needed (it is not normally needed).
> > >   Find where the new advisory belongs, copy the id and h4 from
> > >   consolidated.html with a note of the problem (often short). Finish
> > >   with:
> > >   To fix this (or these) update to PackageName-x.y.z or
> > >   later. Follow that with a link to the consolidated page (remember to
> > >   change the link number if copying it).
> > > 
> > >   For thunderbird there is a standard paragraph (italic, using css because
> > >   it is a whole paragraph) which comes before the newest thunderbird
> > >   advisory.
> > > 
> > >   We now try to use upstream's preferred capitalization, if there is one.
> > > 
> > >   Take a look at the existing items (and in the general case, perhaps
> > >   previous existing items in 10.0).
> > > 
> > >   Again, check the file in your browser, and check that the link to
> > >   consolidated goes to the right item (it should be the first item on the
> > >   consolidated page).
> > > 
> > >   When ready, push. If I am ever doing a lot, and suspect someone else
> > >   might be doing something, I try to first do the consolidated, push that
> > >   to grab the numbers, and then do the rest.
> > > 
> > Shouldn't we add this to the editor guide?
> > 
> > Pierre
> > 
> 
> I agree, we definitely should add this to the editor's guide.
> 
> - Doug
> 

Chapter 7, 'Security Advisories' ?

I'll think about it, and then you can all reword my excessive
verbiage.  Some of De Bello Gallico having been read by me in Latin
in school, I never knowingly use three words when I can use five -
or as one of my history teachers described it "throwing lumps of
linguistic dung" ;-)

I suppose I should create a branch for this, since the current book
is publicly viewable at rivendell and we don't want the raw w-i-p
to frighten the world at this point ?

Oh, and I see we're all replying to blfs-book as Douglas had already
mentioned elsewhere!

Seriously, I'm still feeling my way on some of *how* we should
handle security, e.g. items which came to light some time after we
had already moved to a later version and had our own release.

It will take me several days (or more) to put something together.

ĸen
-- 
Music teaches you to get past a mistake: If you make one when you play
live, you can't stop. You just have to carry on.   -- Richard Thompson
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
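
The browser checks described in the quoted comment (sa- ids, `<em>` instead of `<b>`/`<i>`, release-page links landing on the right consolidated item) can also be run mechanically before pushing. The following is an added example, not part of the original message or the project's tooling; the function names, the sample ids and package names, and the exact markup layout of the two pages are assumptions.

```python
from html.parser import HTMLParser

class Scan(HTMLParser):
    """Collect id attributes, link targets and <b>/<i> tags; comments are ignored."""
    def __init__(self, html):
        super().__init__()
        self.ids, self.hrefs, self.old = [], [], []
        self.feed(html)
        self.close()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if a.get("id"):
            self.ids.append(a["id"])
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        if tag in ("b", "i"):
            self.old.append(tag)

def check(consolidated, release, target="consolidated.html"):
    """Return a list of problems; an empty list means the two pages agree."""
    cons, rel = Scan(consolidated), Scan(release)
    sa = [i for i in cons.ids if i.startswith("sa-")]
    out = [f"consolidated: duplicate id {i}" for i in sorted(set(sa)) if sa.count(i) > 1]
    out += [f"<{t}> used, expected <em>" for t in cons.old + rel.old]
    linked = [h.partition("#")[2] for h in rel.hrefs if h.partition("#")[0].endswith(target)]
    out += [f"release: link to unknown item #{f}" for f in linked if f not in sa]
    out += [f"release: id {i} not in consolidated" for i in rel.ids
            if i.startswith("sa-") and i not in sa]
    if sa and sa[0] not in linked:  # newest advisory is the first item on the page
        out.append(f"release: newest item {sa[0]} is not linked")
    return out

# Constructed sample pages: ids, package names and markup layout are assumptions.
CONSOLIDATED = """<!-- long commented note for editors -->
<a id="sa-10.1-091"></a><h4>ExamplePkg</h4>
<p>Severity: <em>Medium</em>.</p>
<a id="sa-10.1-090"></a><h4>OtherPkg</h4>
"""
RELEASE_OK = """<!-- <h3>PackageName</h3> -->
<h3>ExamplePkg</h3>
<a id="sa-10.1-091"></a><h4>ExamplePkg</h4>
<p>To fix this update to ExamplePkg-1.2.3 or later.
<a href="consolidated.html#sa-10.1-091">sa-10.1-091</a></p>
"""
# Copied from an older entry without changing the link number, and <b> was used.
RELEASE_BAD = (RELEASE_OK.replace("#sa-10.1-091", "#sa-10.1-089")
               .replace("<h3>ExamplePkg</h3>", "<h3><b>ExamplePkg</b></h3>"))

if __name__ == "__main__":
    print(check(CONSOLIDATED, RELEASE_OK), *check(CONSOLIDATED, RELEASE_BAD), sep="\n")
```

Because the parser skips HTML comments, the commented `<h3>PackageName</h3>` guide and the editors' note are not mistaken for real entries.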
