Re: DSA-2135-1 vs. tracker

2010-12-22 Thread Francesco Poli
On Tue, 21 Dec 2010 22:35:41 +0100 Francesco Poli wrote:

[...]
> Please fix the tracker data.

The data have been fixed: thanks!

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE




script to add DSA's to tracker disabled

2010-12-22 Thread Thijs Kinkhorst
Hi,

I ran a script that automatically added released DSA's to data/DSA/list. As 
this script uses bin/dsa2list and that tool cannot cope with the changed 
advisory format, it doesn't make sense to keep committing half parsed 
advisories.


Cheers,
Thijs




Re: script to add DSA's to tracker disabled

2010-12-22 Thread Michael Gilbert
On Wed, 22 Dec 2010 21:25:59 +0100, Thijs Kinkhorst wrote:
> Hi,
>
> I ran a script that automatically added released DSA's to data/DSA/list. As
> this script uses bin/dsa2list and that tool cannot cope with the changed
> advisory format, it doesn't make sense to keep committing half parsed
> advisories.

Is there any way we could get the discussion on the subsequent
changes to the new format started?  Hopefully the lost info that broke
your script could be included in a more systematic manner to make it
easier to automatically parse (maybe as a yaml attachment?).

Mike


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20101222153304.4a5c026b.michael.s.gilb...@gmail.com



Re: script to add DSA's to tracker disabled

2010-12-22 Thread Francesco Poli
On Wed, 22 Dec 2010 21:25:59 +0100 Thijs Kinkhorst wrote:

> Hi,

Hi Thijs!

>
> I ran a script that automatically added released DSA's to data/DSA/list. As
> this script uses bin/dsa2list and that tool cannot cope with the changed
> advisory format, it doesn't make sense to keep committing half parsed
> advisories.

I am not sure I understand what you are proposing: are you saying that
the automatic tracker update should be temporarily suspended, until
dsa2list is fixed to parse the new advisory format?
I hope dsa2list may be updated soon...

May I go on reporting inconsistencies between DSAs and tracker data,
whenever I notice any?

Please let me know.


-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE




Re: script to add DSA's to tracker disabled

2010-12-22 Thread Michael Gilbert
On Wed, 22 Dec 2010 21:35:00 +0100, Francesco Poli wrote:
> On Wed, 22 Dec 2010 21:25:59 +0100 Thijs Kinkhorst wrote:
>
> > Hi,
>
> Hi Thijs!
>
> >
> > I ran a script that automatically added released DSA's to data/DSA/list. As
> > this script uses bin/dsa2list and that tool cannot cope with the changed
> > advisory format, it doesn't make sense to keep committing half parsed
> > advisories.
>
> I am not sure I understand what you are proposing: are you saying that
> the automatic tracker update should be temporarily suspended, until
> dsa2list is fixed to parse the new advisory format?
> I hope dsa2list may be updated soon...
>
> May I go on reporting inconsistencies between DSAs and tracker data,
> whenever I notice any?

Since the script is disabled, the tracker won't be getting any new DSA
pages automatically.  We'll need to do that manually.  If you see that
hasn't been done after a couple days, just send a reminder.

Thanks,
Mike





Re: [SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities

2010-12-22 Thread Michael Gilbert
On Tue, Dec 21, 2010 at 12:34 PM, Moritz Muehlenhoff wrote:
> Upgrade instructions
> --------------------
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:

For future advisories, I wonder if this might be better said as "Make
sure that a 'deb http://security.debian.org/ stable/updates main' line
is included in your /etc/apt/sources.list and then run the following
commands to perform the update".

> apt-get update
>        will update the internal database
> apt-get upgrade
>        will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.

Isn't this a repeat of the first sentence in the upgrade instructions?

> --------------------
> For apt-get: deb http://security.debian.org/ stable/updates main

I think this would be better stated in plain English as suggested above.

> For dpkg-ftp: ftp://security.debian.org/debian-security
> dists/stable/updates/main

Since dpkg-ftp is removed from sid/squeeze (and I don't know if it
checks signatures), I think this line should be removed.

> Mailing list: debian-security-annou...@lists.debian.org

Is this statement useful?  The user can look at the mail header to see
where it came from.

> Package info: `apt-cache show pkg' and http://packages.debian.org/pkg

This may be better to state in plain English.  For example, "For more
info on this package, type 'apt-cache show' or visit
http://packages.debian.org/pkg.  For information on the changes
involved type 'cat /usr/share/doc/pkg/changelog.Debian.gz' or
install the apt-listchanges package."

I wonder if there should be a warning somewhere in this footer about
using tools (such as dpkg) that don't check signatures?  Or maybe
explicitly state that apt, aptitude, synaptic, software center, update
manager, etc. are the only recommended tools.

Anyway, just some thoughts on new changes.

Best wishes,
Mike

