Bug#460983: PTS: Please link to Security Tracker
A second look led to one more discovery:

On Wed, 23 Sep 2009, Raphael Geissert wrote:
> +xsl:if test=$hasother and $other/@security!='0' + liThere xsl:if test=$other/@security!='1'are/xsl:if

security is an attribute of the $other XML element

> +# Get security issues +if security.has_key(pkg): +elt = doc.createElement('security') +root_elt.appendChild(elt)

This sub-element is then not needed/wanted.

> +root_elt.setAttribute('security', security[pkg])

Here you assign the attribute without caring about the sub-element, confirming that it's not needed.

Cheers,
-- 
Raphaël Hertzog
Bug#460983: PTS: Please link to Security Tracker
merge 460983 520051 tag 460983 patch thanks Attached patch should do it. Not committing it as I would like another review (buxy already took a quick look at it). Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net Index: www/xsl/pts-issues.xsl === --- www/xsl/pts-issues.xsl (revision 2272) +++ www/xsl/pts-issues.xsl (working copy) @@ -307,4 +307,17 @@ /xsl:if /xsl:template + xsl:template name=issue-security +xsl:if test=$hasother and $other/@security!='0' + liThere xsl:if test=$other/@security!='1'are/xsl:if + xsl:if test=$other/@security='1'is/xsl:if + a href=http://security-tracker.debian.net/tracker/source-package/{$escaped-package}; + xsl:value-of select=$other/@security/ + open security issuexsl:if test=$other/@security!='1's/xsl:if/a + , please fix xsl:if test=$other/@security!='1'them/xsl:if + xsl:if test=$other/@security='1'it/xsl:if. + /li +/xsl:if + /xsl:template + /xsl:stylesheet Index: www/bin/other_to_xml.py === --- www/bin/other_to_xml.py (revision 2272) +++ www/bin/other_to_xml.py (working copy) @@ -319,6 +319,11 @@ dehs[pkgname] = {} dehs[pkgname]['error'] = msg +# read list of unfixed security issues +security = {} +for pkgname, count in read_dehs(os.path.join(dir, security_issues.txt)): +security[pkgname] = count + # read short descriptions shortdescs = read_shortdesc(os.path.join(dir, shortdesc.txt)) 
@@ -573,12 +578,22 @@ else: shortdesc_sig = ''.__hash__() +# Get security issues +if security.has_key(pkg): +elt = doc.createElement('security') +root_elt.appendChild(elt) +root_elt.setAttribute('security', security[pkg]) +sec_sig = security[pkg] +else: +root_elt.setAttribute('security', '0') +sec_sig = '0' + # TODO: try to do that signature checking before the creation of XML DOM # Build the sig and check if anything changed sig = (pts.get(pkg, 0), dc_sig, wnpp_sig, override_sig, dehs_sig, ubuntu_sig, s_rc, s_normal, s_wishlist, s_fixed, s_gift, s_help, subsig, svnbuildstat_sig, transitions_sig, lintian_sig, -shortdesc_sig, piuparts_sig, new_queue_sig, i18n_sig) +shortdesc_sig, piuparts_sig, new_queue_sig, i18n_sig, sec_sig) if sigs.has_key(pkg) and sig == sigs[pkg] and \ os.path.isfile(%s/%s/%s/other.xml % (odir, hash, pkg)): continue Index: www/bin/update_incoming.sh === --- www/bin/update_incoming.sh (revision 2272) +++ www/bin/update_incoming.sh (working copy) @@ -163,6 +163,10 @@ nice_wget http://dehs.alioth.debian.org/no_upstream.txt \ dehs_error.txt +# download list of security issues +nice_wget http://alioth.debian.org/~geissert/security-packages.txt \ +security_issues.txt + # download NEW queue info nice_wget http://ftp-master.debian.org/new.822 new.822
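Review bot: In www/xsl/pts-issues.xsl, the named template issue-security is defined but nothing in this hunk calls it, so the TODO entry will not render unless a matching xsl:call-template is added wherever the issue list is assembled; please include that call in the patch. The singular/plural wording is also spread over several separate xsl:if tests on $other/@security; a single xsl:choose on @security='1' would be easier to read and harder to get out of sync.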
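Review bot: In the www/bin/other_to_xml.py hunk at -319, count is read from security_issues.txt and stored unchecked, and it later becomes the security attribute and the number shown on the page. Since the file is fetched from a remote host, check that count is a non-negative integer and skip the line otherwise before storing it. Reusing read_dehs for a non-DEHS file also deserves a comment stating the expected line format, or a more neutral helper name.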
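Review bot: In the www/bin/other_to_xml.py hunk at -573, the has_key branch creates an empty 'security' element and appends it to root_elt, but the value is carried only by root_elt.setAttribute('security', security[pkg]) and the XSL reads $other/@security; drop the createElement/appendChild pair. Both branches could then collapse to sec_sig = security.get(pkg, '0') followed by a single setAttribute call.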
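Review bot: In www/bin/update_incoming.sh, the new nice_wget call fetches security-packages.txt over plain HTTP from a personal ~geissert directory on alioth, and its contents end up on the package pages. Consider having the data published from the security tracker's own host so the PTS does not depend on one developer's account, and add a comment next to the download describing the file format.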
Bug#460983: PTS: Please link to Security Tracker
Hi,

On Wed, 16 Jan 2008, Moritz Muehlenhoff wrote:
> It would be good if the PTS would link to the Debian Security Tracker.
> The URL format is
> http://security-tracker.debian.net/tracker/source-package/SRCPKGNAME

Can you provide a (regularly updated) file which lists source packages for which there are open issues? Maybe with a count of open issues and a list of CVE?

source count CVE-XXX ...

The PTS usually only provides some link when there's something interesting to watch behind the link.

Cheers,
-- 
Raphaël Hertzog

The French best-seller, updated for Debian Etch:
http://www.ouaza.com/livre/admin-debian/
Bug#460983: PTS: Please link to Security Tracker
* Raphael Hertzog:

> On Wed, 16 Jan 2008, Moritz Muehlenhoff wrote:
> > It would be good if the PTS would link to the Debian Security Tracker.
> > The URL format is
> > http://security-tracker.debian.net/tracker/source-package/SRCPKGNAME
>
> Can you provide a (regularly updated) file which lists source packages for which there are open issues? Maybe with a count of open issues and a list of CVE?
>
> source count CVE-XXX ...

Yes, this should be possible. I will think a bit about it and try to write some code to implement this. It will be easier if we also include resolved security issues in the count (otherwise, it's hard to express the state in a single number).

> The PTS usually only provides some link when there's something interesting to watch behind the link.

The drawback is that the link only appears after the next PTS update. (We could AJAX to create the link. 8-P)
Bug#460983: PTS: Please link to Security Tracker
On Wed, Jan 16, 2008 at 10:09:15AM +0100, Florian Weimer wrote:
> Yes, this should be possible. I will think a bit about it and try to write some code to implement this. It will be easier if we also include resolved security issues in the count (otherwise, it's hard to express the state in a single number).

Well, to PTS end it is enough to have a file containing the needed information to decide whether or not the link should be put. If to you it's easy to generate a list of vulnerabilities affecting the various packages, with information whether they are resolved or not that's fine for the PTS.

In addition, given that you are asking for adding the link, you're probably the most titled guys to know which kind of information are needed to decide whether or not to add the link :-)

> > The PTS usually only provides some link when there's something interesting to watch behind the link.
>
> The drawback is that the link only appears after the next PTS update. (We could AJAX to create the link. 8-P)

Patches welcome :-P but anyhow that is totally unrelated with the point above, even with AJAX you would need to decide whether or not to add the link. You can only gain that you can do a query on a per-package resource to check whether it should be added (besides of course being more up to date, but that was not the topic of discussion here).

Cheers.
-- 
Stefano Zacchiroli -*- PhD in Computer Science ... now what?
[EMAIL PROTECTED],cs.unibo.it,debian.org} -%- http://upsilon.cc/zack/
(15:56:48) Zack: e la demo dema ?    /\    All one has to do is hit the
(15:57:15) Bac: no, la demo scema    \/    right keys at the right time
Bug#460983: PTS: Please link to Security Tracker
On Wed, 16 Jan 2008, Florian Weimer wrote:
> Yes, this should be possible. I will think a bit about it and try to write some code to implement this. It will be easier if we also include resolved security issues in the count (otherwise, it's hard to express the state in a single number).

I'd like to see it implemented in the following way:
- if there are open issues, then add an entry in the TODO part of the page
- if there are issues (whatever their status), add a link in a sidebar somewhere
- if there's nothing in the tracker, then there should be no link at all

Thus it's important to have a count of open issues (and closed issues if you want a link on the sidebar and not only a link in the TODO part).

> > The PTS usually only provides some link when there's something interesting to watch behind the link.
>
> The drawback is that the link only appears after the next PTS update. (We could AJAX to create the link. 8-P)

It's not a drawback it's a feature. A link which is always displayed is far less likely to be checked by the maintainer than a link that's displayed only when there's something relevant to see.

Then of course we could make the PTS 100% dynamic and refresh the content more often. But that's a task that I won't pursue in the near future. :)

Cheers,
-- 
Raphaël Hertzog

The French best-seller, updated for Debian Etch:
http://www.ouaza.com/livre/admin-debian/
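The three display rules proposed in the message above, as an added sketch that is not part of the thread or of the PTS code. It assumes a hypothetical feed line of the form "source open total [CVE ...]", combining the "source count CVE-XXX" suggestion with a total count, and it validates every field because the file comes from a remote host and the package name ends up in a URL.

```python
import re

# Assumed feed line: "<source> <open> <total> [CVE-id ...]" (format is hypothetical).
PKG_RE = re.compile(r"[a-z0-9][a-z0-9+.\-]+")   # Debian source package name
NUM_RE = re.compile(r"[0-9]+")
CVE_RE = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")
TRACKER = "http://security-tracker.debian.net/tracker/source-package/"

# Constructed sample feed; the CVE ids are placeholders, not real entries.
SAMPLE = """\
lynx 0 4
examplepkg 2 9 CVE-0000-0001 CVE-0000-0002
bad<script> 1 1
otherpkg -1 3
thirdpkg 5 2
"""


def parse_feed(text):
    """Return {source: (open, total, cves)}, dropping malformed lines."""
    issues = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not PKG_RE.fullmatch(fields[0]):
            continue  # name is later placed in a URL, so reject odd characters
        if not (NUM_RE.fullmatch(fields[1]) and NUM_RE.fullmatch(fields[2])):
            continue
        open_count, total, cves = int(fields[1]), int(fields[2]), fields[3:]
        if open_count > total or not all(CVE_RE.fullmatch(c) for c in cves):
            continue
        issues[fields[0]] = (open_count, total, cves)
    return issues


def pts_links(pkg, issues):
    """Apply the three display rules from the message above to one package."""
    open_count, total, _ = issues.get(pkg, (0, 0, []))
    url = TRACKER + pkg
    return {
        "todo": url if open_count > 0 else None,   # open issues: TODO entry
        "sidebar": url if total > 0 else None,     # any issue: sidebar link
    }                                              # nothing known: no link


if __name__ == "__main__":
    feed = parse_feed(SAMPLE)
    for name in ("lynx", "examplepkg", "bash"):
        print(name, pts_links(name, feed))
```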
Bug#460983: PTS: Please link to Security Tracker
Raphael Hertzog wrote:
> On Wed, 16 Jan 2008, Moritz Muehlenhoff wrote:
> > It would be good if the PTS would link to the Debian Security Tracker.
> > The URL format is
> > http://security-tracker.debian.net/tracker/source-package/SRCPKGNAME
>
> Can you provide a (regularly updated) file which lists source packages for which there are open issues? Maybe with a count of open issues and a list of CVE?
>
> source count CVE-XXX ...
>
> The PTS usually only provides some link when there's something interesting to watch behind the link.

This is not only about the currently open issues, but about having the security history of a package in an overview next to the other package characteristics. I would suggest to place it in the Other links section.

E.g. the link http://idssi.enyo.de/tracker/source-package/lynx would list all security issues, which have been fixed during the recent years.

But the other solution outlined by Florian would also be interesting.

Cheers,
Moritz
Bug#460983: PTS: Please link to Security Tracker
Package: qa.debian.org
Severity: wishlist

It would be good if the PTS would link to the Debian Security Tracker.
The URL format is
http://security-tracker.debian.net/tracker/source-package/SRCPKGNAME

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-rc7-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash