Re: CVE Cross references
No, this is not a proper fix, since the ref-table.inc is need two times. In security and lts/security for two version of crossrefenreces. I've now manually delete the wrong, empty ref-table.inc on the www master and I will check if it get generated properly. Still we have to check, why it is not rebuild properly sometimes. > On Mon, 16 Oct 2023 13:09:08 +0200, Florian Weimer > said: > * Steve Mouer: >> Hello, >> >> We are using your CVE cross references list to understand impact of >> vulnerabilities across Debian Security advisories, however all of >> the information has disappeared from the following page: >> >> https://www.debian.org/security/crossreferences >> >> Can you please advise if this will be restored and is this the best >> place for us to automatically pull this information? > Thomas, any idea what might be causing this? > Running the generator script locally in the right directory does > produce some data. Could this be the proper fix? > diff --git a/english/security/Makefile b/english/security/Makefile > index d1bda4969f1..271dcd02bc0 100644 > --- a/english/security/Makefile > +++ b/english/security/Makefile > @@ -51,7 +51,7 @@ faq.$(LANGUAGE).html: faq.wml \ >$(ENGLISHSRCDIR)/security/faq.inc $(GETTEXTDEP) > $(ENGLISHSRCDIR)/security/ref-table.inc: $(ENGLISHSRCDIR)/security/make-ref-table.pl $(sort $(wildcard $(ENGLISHSRCDIR)/security/*/*.data)) > - perl $(ENGLISHSRCDIR)/security/make-ref-table.pl -p -a >$(ENGLISHSRCDIR)/security/ref-table.inc > + cd $(ENGLISHSRCDIR)/security && perl make-ref-table.pl -p -a >ref-table.inc > crossreferences.$(LANGUAGE).html:: $(ENGLISHSRCDIR)/security/ref-table.inc \ > $(ENGLISHDIR)/template/debian/securityreferences.wml
Re: Call for experiences of Norbert Preining
> This reminded me about > https://lists.debian.org/debian-project/2018/12/msg00025.html For easier understanding, this is the post from Daniel with subject: "€ 500 cash bounty for information / Debian privacy breaches" -- regards Thomas
Re: Proposal: mediators
> thanks for wrinting it down, but I still think the better option is > to spend some Debian funds to let a professional mediator handle > this, Great idea! IMO it should be very easy for the AH team or any DD to ask the DPL for getting money for an external mediator if a situation is escalating. If we would already had implemented this, some hundreds of mails would have been saved. Please, please spend money for this. It's worth it more than anything else. -- regards Thomas
Re: Appeal procedure for DAM actions
Thanks for this details analysis and for your suggestions for improvements. I like especially the idea of changing the timeline and to remove the update of the DAM statement (3. Appealer statement). I also was wondering what "turning it into a warning" really means. I think a warning should be done by DAM before someone gets expelled. Again, this posting helps me as a non-native speaker to raise my voice. -- regards Thomas
RE: Appeal procedure for DAM actions
>>>>> On Tue, 08 Jan 2019 09:14:53 +0100, Joerg Jaspert >>>>> said: > On 15276 March 1977, Thomas Lange wrote: >> I think you should forward this mail to nm-commit...@nm.debian.org. > Noted, but I think it makes more sense to point them at this whenever such an > appeal starts, as the group is a dynamic one. If I send it now, there might be > a pretty different set receiving an appeal in the future, so for now, I assume > they either read it on -project or do not (yet) need to care. Do you plan an official announcement of this new procedure? IMO debian-project is not read by all (e.g. I'm not subscribed to it) and because some people missed transparency in the past it would be good to inform all. JFTR: Thanks Enrico for pointing me how to see the list of members that will vote. Keep in mind that this may change. > The list is at: https://nm.debian.org/public/managers > Look for the "Ctte" column. If you have javascript enabled, you can > click on the column title to sort/group by it. -- regards Thomas