I have been following this RSS feed for some time now and have been very frustrated at a number of things. The primary of which is that every time I updated this feed in my feed reader software (liferea) all of the dates on the releases are set to exactly the same time, namely the time the feed was last updated. There is no way that I can keep track of new ones by date when this is the case. The right way to do this is to set the date of each item to the date of the GLSA release, not the time of the update. I am not sure if this is because there is no date in the RSS output or whether it is because the RSS feed generator is adding the date when it is refreshed or what. But this would be great to have the correct date of the GLSA in the feed set properly.
There's no date in that feed. If you see one, it's because your feed reader adds one. I can't say whether it uses the current date or the date from the HTTP header, but both would be wrong anyway. As you said, the right(tm) thing to do is to add the revised date of each glsa. The feed is based on http://www.gentoo.org/dyn/glsa-index.xml The actual XML source that is transformed to generate the feed is http://www.gentoo.org/dyn/glsa-index.xml?passthru=1 No date. If the <announced> & <revised> tags of GLSAs used the yyyy-mm-dd format as they should according to the comments in the DTD, it would be theoretically possible to fix this just by editing the current XSL but... Opening each GLSA at transform-time would be quite costly. It might even take longer than allowed by apache and time out. IMvHO, generating an index of GLSAs as a GuideXML doc was not a good idea. An index of GLSAs with proper information that can be transformed into a document, a feed or anything else would have been a much better idea. Just like the news items for the front page for instance. I did it in a different way on my own experimental site. Using the glsa index: http://gentoo.neysx.org/security/en/glsa/ http://gentoo.neysx.org/security/en/ FYI, the xml source of those two docs is exactly the same as on www.g.o The feed: http://gentoo.neysx.org/rdf/en/glsa-index.rdf http://gentoo.neysx.org/rdf/en/glsa-index.rdf?num=20 http://gentoo.neysx.org/rdf/en/glsa-index.rdf?num=all The glsa index: http://gentoo.neysx.org/dyn/glsa-index.xml Hth
Well, the RSS feeds on your site definitely work much better. Also, because they have dates in them the read status of each of the news item does not get refreshed each time the feed is updated! Great work. If this could be rolled into the production site/feed it would be great!
(In reply to comment #2) > Great work. If this could be rolled into the production site/feed it would be > great! I'd need feedback from our security guys before the GLSA index under /dyn/ can be changed. There's nothing on our site that points to it. If they're OK with it, we can use my script to generate the new index. I'll take care of the xsl transforms that generate the feed and handle the glsa tags in GuideXML.
koon or solar this is your playground.
the new scripts seem to be waaay better. i see no reason why we shouldnt make use of it? sec team, please comment - or leaders, dictate :P
i don't really use RSS but if you can see an improvement and no regression, then i'm ok to install the scripts on www.gentoo.org
neysx: bumpity. The security guys approved it if you want to commit.
(In reply to comment #7) > neysx: bumpity. The security guys approved it if you want to commit. One notification per edits is enough. Thanks :) I can commit XSL, not add a script to web nodes. As it's ok to replace the current /dyn/glsa-index.xml, the script that creates it *and* the xsl on the web nodes need to be replaced at the same time. The following bit has been running hourly on neysx.org for ~1.5 years =============================== # Build glsa-index.xml # $W should contain the web doc root, i.e. /..../htdocs ruby glsa-extract.rb $W/security/en/glsa > tmp.glsa xmllint --noout --valid tmp.glsa if [ $? -eq 0 ]; then diff tmp.glsa $W/dyn/glsa-index.xml 2>/dev/null 1>&2 if [ $? -ne 0 ]; then mv tmp.glsa $W/dyn/glsa-index.xml fi fi =============================== Please have a look and let me know when you'd be available to make the transition. Give me at least a week to backport my own XSL to g.o
Created attachment 140861 [details] Ruby script that creates a new glsa-index.xml
Please create the new GLSA index under a new name, eg. glsa-index2.xml and I'll adapt the XSL. Thanks.
Created attachment 148646 [details] New script Removed date foo since <revised> elements are about to be converted to YYYY-MM-DD format upstream++.
http://www.gentoo.org/dyn/glsa-index2.xml does now exist on the mirrors. neysx: FYI, the scripts ARE in CVS at /var/cvsroot/gentoo-infra/cfengine/files/home/gweb/scripts/master/
reassign to neysx for the XSL
(In reply to comment #12) > http://www.gentoo.org/dyn/glsa-index2.xml does now exist on the mirrors. Thanks. > neysx: FYI, the scripts ARE in CVS at > /var/cvsroot/gentoo-infra/cfengine/files/home/gweb/scripts/master/ Good to know but it does not help me since I can't access them, not even R/O. BTW, can't fix until escurity guys fix the date elements
(In reply to comment #14) > BTW, can't fix until escurity guys fix the date elements I sent a bunch of patches to genone a few days ago, preparing glsa-check for the date display. We're not going to convert the GLSAs before that is in the tree.
What is this issue currently waiting on? I did a search for glsa-check issues ("ALL glsa-check") and didn't see anything relating to the patches mentioned in comment #15 Genone is currently marked devaway, but since 2007-03 according to http://www.gentoo.org/proj/en/devrel/roll-call/devaway.xml?select=genone#genone
Alright. I'm tempted to close this bug, but since no one knows what is going on or current status I'll just remove infra.
