External check

2020-10-02 Thread Security Tracker 
CVE-2020-10762: RESERVED
CVE-2020-15216: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.

Bug#908678: Update on the security-tracker git discussion

2020-10-02 Thread Sylvain Beucler 
Hi,

On Tue, 6 Aug 2019 08:28:43 +0200 Salvatore Bonaccorso wrote:
> Thanks for keeping track and following up.
> 
> On Tue, Aug 06, 2019 at 08:05:11AM +0200, Bastian Blank wrote:
> > Moin
> > 
> > On Tue, Jul 02, 2019 at 01:38:10PM +0200, Moritz Muehlenhoff wrote:
> > > On Tue, Jul 02, 2019 at 01:25:43PM +0200, Salvatore Bonaccorso wrote:
> > > > p.s.: Question is if we should do a split as well for the other types of
> > > >   files which are supported (DSA, TDSA, ...) while at it.
> > > We can axe out DTSA/* while we're at it.
> > > For DSA/list (and DLA/list) we can initially keep it as a single file, it 
> > > can
> > > still be split later on if necessary.
> > 
> > Following up to 
> > 
> > | Please provide a plan how and when to fix this before 2019-06-30.
> > 
> > We have now one month later.  Please provide the plan.
> 
> The items in
> https://salsa.debian.org/security-tracker-team/security-tracker-service/issues/1
> needs further detailed and then sorted/prioritized. Later actual
> implementation work on making the split possible on tracker and other
> tooling side needs to happen. We cannot depend on a non-functional
> instance for the day to day work, so all of the above basically will
> need to be ported in some sensible way.
> 
> Progress is slow due to other time limitations in day to day tasks.
> 
> Still if it is going to be too much burden for salsa admin and needs
> to be fast, then I only see that we temporarily switch away from salsa
> to gitlab or another hosting (github will not work) and then move back
> once the split has finally happened.

It seems a bit difficult to make a big switch, probably because it's not
easy to know and test all the various involved scripts.

Considering a more progressive approach, is there something preventing
us from switching to the rewritten repository and split/merging the
file, something like:

diff --git a/conf/post-merge b/conf/post-merge
new file mode 100755
index 00..a9991c1cc9
--- /dev/null
+++ b/conf/post-merge
@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "post-merge"
+[ -f data/CVE/1999.list ] && cat data/CVE/*.list > data/CVE/list
diff --git a/conf/pre-commit b/conf/pre-commit
index 767e478e36..12e781e97d 100755
--- a/conf/pre-commit
+++ b/conf/pre-commit
@@ -5,3 +5,4 @@ set -e
 exec 1>&2

 make check-syntax
+bin/split-by-year.py

?

Cheers!
Sylvain