Bug#742382: Display oldstable/stable security and oldstable-lts repositories in tabular view. (Closes: #742382)

2014-09-22 Thread Holger Levsen
Hi,

On Monday, 22 September 2014, Christoph Biedl wrote:
> While the new appearance of the security tracker is a *huge*
> improvement, both in information details and design, thanks for that,

thanks!

> As a suggestion for the above issue:
> 
> + squeeze, squeeze (security)   5.04-5+squeeze5   [gray]No longer supported¹
> | squeeze (lts)                 5.04-5+squeeze7   [green]fixed
> + wheezy                        5.11-2+deb7u3     [light red]fix pending²
> | wheezy (security)             5.11-2+deb7u5     [green]fixed
> | jessie, sid                   1:5.19-2          [green]fixed

I like the idea of using more colors...
 
> + ¹ The squeeze suite has been discontinued. Use the "squeeze-lts" version

That's (slightly) misleading and wrong, though.

> + ² Will be handled in due course. Use the "wheezy (security)" version
> The footnotes are part of the text. And yes, they'd have to appear
> on every page.
> Your opinion on that?

yes, true, the security tracker still has some bugs which need to be fixed. 
Specific suggestions (like colors or footnotes) are best suggested in separate 
short bugs, yet best with patches :-)

That said, I don't agree with the described urgency / panic. Debian might look 
bad because of bad things we do or good things we don't do, but seldom 
because our security tracker is too accurate (or even inaccurate/wrong at 
times) :-) 


cheers,
Holger






Bug#742382: Display oldstable/stable security and oldstable-lts repositories in tabular view. (Closes: #742382)

2014-09-22 Thread Christoph Biedl
Salvatore Bonaccorso wrote...

> I was hoping to see some other feedback/tests on that. But it worked
> for me as well in my testinstance.

While the new appearance of the security tracker is a *huge*
improvement, both in information details and design, thanks for that,
there's still something I'd like to bother: While accurate, it sends
the wrong message to those who don't know the background, that's a lot
of people, and that's a problem.

As an arbitrary example,
 lists
"squeeze, squeeze (security)" and "wheezy" as "[red]vulnerable".

The meaning is "squeeze, squeeze (security) is no longer supported,
use squeeze (lts) instead"; and "wheezy will be handled in the next
point release, use wheezy (security) and you're safe". We (as in
Debian adept) know this, at least to some extent. 

The message sent to the unaware, for example from other distributions,
however is: "These Debian guys haven't fixed some security issues
yet." This conception, implying Debian was not secure to use, may
arise even to those without bad intentions, nevertheless Debian's
reputation might suffer from that. While originally the tracker might
have been mostly for internal use, it's public information, and I
think it's important to put some clarification into it.

So I'd suggest to use "[red]vulnerable" only in places where action by
someone (maintainer/security team/LTS) is required. And yes, this
means more than just two states.

As a suggestion for the above issue:

+ squeeze, squeeze (security)   5.04-5+squeeze5   [gray]No longer supported¹
| squeeze (lts)                 5.04-5+squeeze7   [green]fixed
+ wheezy                        5.11-2+deb7u3     [light red]fix pending²
| wheezy (security)             5.11-2+deb7u5     [green]fixed
| jessie, sid                   1:5.19-2          [green]fixed
+ ¹ The squeeze suite has been discontinued. Use the "squeeze-lts" version
+ ² Will be handled in due course. Use the "wheezy (security)" version

The footnotes are part of the text. And yes, they'd have to appear
on every page.

Your opinion on that?

Christoph
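
As an added example that is not part of this thread or of the tracker's code, the Python below sketches the state mapping proposed above (gray "no longer supported", light red "fix pending", red only where action by someone is required), using constructed sample rows modelled on the table in the mail; TRACKER_ROWS, DISCONTINUED and the helper names are assumptions:

```python
# Added example, not code from the Debian security tracker: derive the
# per-suite display states proposed in the mail from the two states the
# tracker shows today. All suite names, versions and the DISCONTINUED
# set are constructed sample data modelled on the table in the mail.

# Constructed: what the tracker currently shows, keyed by suite label,
# value is (version, state) with state in {"vulnerable", "fixed"}.
TRACKER_ROWS = {
    "squeeze":            ("5.04-5+squeeze5", "vulnerable"),
    "squeeze (security)": ("5.04-5+squeeze5", "vulnerable"),
    "squeeze (lts)":      ("5.04-5+squeeze7", "fixed"),
    "wheezy":             ("5.11-2+deb7u3",   "vulnerable"),
    "wheezy (security)":  ("5.11-2+deb7u5",   "fixed"),
    "jessie":             ("1:5.19-2",        "fixed"),
    "sid":                ("1:5.19-2",        "fixed"),
}

# Constructed: base suites whose plain/security archives are no longer
# maintained and which have an LTS sibling.
DISCONTINUED = {"squeeze"}

def base_suite(suite):
    """'wheezy (security)' -> 'wheezy'; 'sid' -> 'sid'."""
    return suite.split(" ", 1)[0]

def display_state(suite, rows=TRACKER_ROWS, discontinued=DISCONTINUED):
    """Return (colour, label) for one suite row."""
    state = rows[suite][1]
    base = base_suite(suite)
    if state == "fixed":
        return ("green", "fixed")
    # Discontinued plain/security suite: nobody will fix it there, so
    # point users at the LTS suite instead of calling it vulnerable.
    if base in discontinued and suite != base + " (lts)":
        return ("gray", "no longer supported, use %s (lts)" % base)
    # Plain suite waits for the next point release while the security
    # archive already carries the fix: fix pending, not vulnerable.
    sec = base + " (security)"
    if suite == base and sec in rows and rows[sec][1] == "fixed":
        return ("light red", "fix pending, use %s" % sec)
    # Only here is action by maintainer / security team / LTS required.
    return ("red", "vulnerable")

def render(rows=TRACKER_ROWS):
    """(suite, version, colour, label) rows in dictionary order."""
    return [(s, rows[s][0]) + display_state(s, rows) for s in rows]
```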




Bug#742382: Display oldstable/stable security and oldstable-lts repositories in tabular view. (Closes: #742382)

2014-09-15 Thread Salvatore Bonaccorso
Hi,

On Mon, Sep 15, 2014 at 11:40:59PM +0200, Holger Levsen wrote:
> Hi,
> 
> On Saturday, 13 September 2014, Salvatore Bonaccorso wrote:
> > I have your patch running on my testinstance and looks good so far!
> > (But having done only some basic tests).
> 
> I'd like to push this one next, as this really makes a difference, whether 
> security+lts are considered, or not ;-) 
> 
> Any objections? Works fine and looks fine to me...

I was hoping to see some other feedback/tests on that. But it worked
for me as well in my testinstance.

Please go ahead with the commit!

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140916045702.ga31...@lorien.valinor.li



Bug#742382: Display oldstable/stable security and oldstable-lts repositories in tabular view. (Closes: #742382)

2014-09-15 Thread Holger Levsen
Hi,

On Saturday, 13 September 2014, Salvatore Bonaccorso wrote:
> I have your patch running on my testinstance and looks good so far!
> (But having done only some basic tests).

I'd like to push this one next, as this really makes a difference, whether 
security+lts are considered, or not ;-) 

Any objections? Works fine and looks fine to me...


cheers,
Holger






Bug#742382: Display oldstable/stable security and oldstable-lts repositories in tabular view. (Closes: #742382)

2014-09-13 Thread Salvatore Bonaccorso
Hi Holger,

On Sat, Sep 13, 2014 at 01:51:52AM +0200, Holger Levsen wrote:
> Hi,
> 
> commit b22f1ba0cd9499e716f7b729f546a98bd4950dda
> Author: Holger Levsen 
> Date:   Sat Sep 13 01:47:11 2014 +0200
> 
> Display oldstable/stable security and oldstable-lts repositories
> in tabular view. (Closes: #742382)

I have your patch running on my testinstance and looks good so far!
(But having done only some basic tests).

Regards,
Salvatore


Archive: https://lists.debian.org/20140913155619.GA25028@eldamar.local



Bug#742382: Display oldstable/stable security and oldstable-lts repositories in tabular view. (Closes: #742382)

2014-09-12 Thread Holger Levsen
Hi,

commit b22f1ba0cd9499e716f7b729f546a98bd4950dda
Author: Holger Levsen 
Date:   Sat Sep 13 01:47:11 2014 +0200

Display oldstable/stable security and oldstable-lts repositories
in tabular view. (Closes: #742382)

diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index fb3fd27..48ad599 100644
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -545,19 +545,18 @@ to improve our documentation and procedures, so feedback 
is welcome.""")])])
 pkg = path[0]
 
 def gen_versions():
-for (releases, version) in self.db.getSourcePackageVersions(
-self.db.cursor(), pkg):
-yield ', '.join(releases), version
+for (release, version) in self.db.getSourcePackageVersions(
+self.db.cursor(), pkg):
+yield release, version
 def gen_bug_list(lst):
 for (bug, description) in lst:
 yield self.make_xref(url, bug), description
 
 suites = ()
-for (releases, version) in self.db.getSourcePackageVersions(
+for (release, version) in self.db.getSourcePackageVersions(
 self.db.cursor(), pkg):
-for r in releases:
-if r not in suites:
-suites = suites + (r,)
+if release not in suites:
+suites = suites + (release,)
 
 def gen_summary(bugs):
 for (bug, description) in bugs:
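Review bot: the same getSourcePackageVersions query is executed twice per package page, once inside gen_versions and again in the loop that builds suites, with identical arguments; since this hunk touches both call sites, fetching the result once (e.g. `versions = list(self.db.getSourcePackageVersions(self.db.cursor(), pkg))`) and iterating that list in both places would avoid the duplicate query and guarantee that the table rows and the suites tuple are built from the same data. The rename from releases to release and the removal of the inner `for r in releases` loop are applied consistently in both spots.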
diff --git a/lib/python/security_db.py b/lib/python/security_db.py
index b15924e..4a4a2b7 100644
--- a/lib/python/security_db.py
+++ b/lib/python/security_db.py
@@ -432,6 +432,14 @@ class DB:
 return -1
 self.db.createscalarfunction("release_to_number", release_to_number, 
1)
 
+subreleases = ['', 'security', 'lts']
+def subrelease_to_number(u):
+try:
+return subreleases.index(u)
+except ValueError:
+return -1
+self.db.createscalarfunction("subrelease_to_number", 
subrelease_to_number, 1)
+
 def release_name(release, subrelease, archive):
 if archive <> 'main':
 release = release + '/' + archive
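Review bot: subrelease_to_number returns -1 for any value outside ['', 'security', 'lts'], so a NULL or unexpected subrelease value sorts ahead of the plain release (index 0) rather than after the known ones. That mirrors the -1 fallback of release_to_number just above, so it is probably intended, but a one-line comment saying so (and that the list order is the intended display order: plain, security, lts) would help the next reader; if unknown subreleases should instead come last, return len(subreleases) in the except branch.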
@@ -1566,14 +1574,13 @@ class DB:
 """A generator which returns tuples (RELEASE-LIST, VERSION),
 the available versions of the source package pkg."""
 
-for (releases, version) in cursor.execute(
-"""SELECT string_list(release) AS releases, version
-FROM (SELECT release, version FROM source_packages
+for (release, version) in cursor.execute(
+"""SELECT release_name(release, subrelease, archive)
+AS release, version FROM source_packages
 WHERE name = ?
 AND release IN ('squeeze', 'wheezy', 'jessie', 'sid')
-ORDER BY release_to_number(release))
-GROUP BY version""", (pkg,)):
-yield releases.split(', '), version
+ORDER BY release_to_number(release), 
subrelease_to_number(subrelease)""", (pkg,)):
+yield release, version
 
 def getBinaryPackageVersions(self, cursor, pkg):
 """A generator which returns tuples (RELEASE-LIST,


cheers,
Holger

