[Mageia-webteam] Request on behalf of secteam for a website for security update

Michael Scherer misc at zarb.org
Thu Apr 21 00:00:07 CEST 2011


Hi,

as said on -dev, in order to manage security update, the (future)
security team would like to have a website ( or part of the website ) to
present security advisories
( http://meetbot.mageia.org/mageia-dev/2011/mageia-dev.2011-04-19-19.10.html ).


To give 2 examples, something like : 
http://www.mandriva.com/fr/support/security/advisories/?dis=2010.1
or :
http://www.debian.org/security/2011/

Nothing fancy is required, a simple CRUD application should do the trick
( I will be of course partial but I think a simple django application +
theming would be enough ) . The various usability requirements are to be
discussed and proposed here, as well as the data model but nothing
complex is needed.

Now, if I could add some requirements, we ( sysadmins ) would prefer to
have it based on postgresql rather than mysql ( if choosing the sql
way ). If using a specific stack ( which again would be recommended ),
please try to stick to one of those that we already support ( django
1.1, catalyst, or rails 2.3, with update to newer version in less than 1
year but not now ), using fastcgi ( but we will take care of
deployment ). 



The exact workflow is not decided yet, so I would suggest to keep it
simple for now ( like simply someone using xmlrpc to publish and to push
on a ml ). If someone has a application already written for that, this
could be considered as well I guess. 

The data should be ideally managed remotely ( xml-rpc, whatever ), and
should ( if possible ) have some backend to modify it that can be used
connected to ldap ( and so we could say that people must be in some
group to connect ).


The goal is not to replicate mageia-app-db or do something like that :
https://admin.fedoraproject.org/updates/ , just to provide a simple
frontend for security announce. ( kinda like a blog, without comments,
and with a different presentation, and without all the various
features ).

-- 
Michael Scherer



More information about the Mageia-webteam mailing list