[Mageia-webteam] Request on behalf of secteam for a website for security update
Michael Scherer
misc at zarb.org
Thu Apr 21 00:00:07 CEST 2011
Hi,
as said on -dev, in order to manage security update, the (future)
security team would like to have a website ( or part of the website ) to
present security advisories
( http://meetbot.mageia.org/mageia-dev/2011/mageia-dev.2011-04-19-19.10.html ).
To give 2 examples, something like :
http://www.mandriva.com/fr/support/security/advisories/?dis=2010.1
or :
http://www.debian.org/security/2011/
Nothing fancy is required, a simple CRUD application should do the trick
( I will be of course partial but I think a simple django application +
theming would be enough ) . The various usability requirements are to be
discussed and proposed here, as well as the data model but nothing
complex is needed.
Now, if I could add some requirements, we ( sysadmins ) would prefer to
have it based on postgresql rather than mysql ( if choosing the sql
way ). If using a specific stack ( which again would be recommended ),
please try to stick to one of those that we already support ( django
1.1, catalyst, or rails 2.3, with update to newer version in less than 1
year but not now ), using fastcgi ( but we will take care of
deployment ).
The exact workflow is not decided yet, so I would suggest to keep it
simple for now ( like simply someone using xmlrpc to publish and to push
on a ml ). If someone has a application already written for that, this
could be considered as well I guess.
The data should be ideally managed remotely ( xml-rpc, whatever ), and
should ( if possible ) have some backend to modify it that can be used
connected to ldap ( and so we could say that people must be in some
group to connect ).
The goal is not to replicate mageia-app-db or do something like that :
https://admin.fedoraproject.org/updates/ , just to provide a simple
frontend for security announce. ( kinda like a blog, without comments,
and with a different presentation, and without all the various
features ).
--
Michael Scherer
More information about the Mageia-webteam
mailing list