[Secure-testing-team] DTSA advisory format

Moritz Muehlenhoff jmm at inutil.org
Sun Aug 28 20:26:59 UTC 2005


Joey Hess wrote:
> > Does one of the other scripts depend on this behaviour? Adding it to the
> > front is rather ugly in-place editing, while adding it to the end is a plain
> > append operation. Or does anyone know a pythonesque workaround?
> 
> No, nothing depends on ordering, it's just what we expect.

Ok, I'll fix this tomorrow.

> > That was used as a workaround, because the descriptional date in the
> > advisory differs from the one in data/DTSA/list. Let's add the date
> > in ISO format (i.e. 2005-08-11) into the .adv file, then I'll transform
> > it into the proper formats. Is the date entry in data/DTSA/list used
> > besides statistical evaluation?
> 
> No, we could just as well remove that date field. Although I might use
> the one in DSA/list if I ever fix the page to have links to DSAs, since
> you have to know the year of a DSA to link to it on the Debian web site.

Ok, then let's remove it from data/DTSA/list for the sake of KISS. I'll
adapt the dtsa script.

> > I guess that can't be avoided, as some advisories will require more time
> > than others. Security team works this way as well.
> 
> There are ways to avoid it, but I don't know if they're worth it.

We could add them to SVM w/o a number and only assign the number at the
stage where the final version is published. I don't have any preference
here.

> OTOH, I cannot remember the security team ever sending DSAs out of order.

They did, for the last time at the time after the defunct state of security
support, when several updates were prepared by several persons.
They keep the initial data, so it's a bit hard to notice in retrospect.

        Moritz



