[TYPO3] a thought about security announcements and automatic security alert

Krystian Szymukowicz typo3RE.MO.VE. at RE.MO.VE.prolabium.com
Tue May 27 18:42:45 CEST 2008


Krystian Szymukowicz wrote:
> Dmitry Dulepov [typo3] wrote:
>> Krystian Szymukowicz wrote:
>>> What about:
>>> a) comma separated constraints of affected.
>>> b) comma separated constraints of exception.
>>>
>>>  ext_key           affected versions        exceptions       bulletin
>>> sg_zfelib;(1.1.0-1.1.512),(2.0.0-2.2.982);(2.0.1-2.0.2);TYPO3-20080527-2
>>
>> Well, this is where xml is really handy... I am not a fan of "xml for 
>> everything" (and not a fan of xml in general) but here it is better 
>> than text. For example:
>>
>> <issue>
>>     <bulletine>TYPO3-20080527-2</bulletine>
>>     <extkey>sg_zfelib</extkey>
>>     <affected-versions>
>>         <version-range>
>>             <start>1.1.0</start>
>>             <end>1.1.512</end>
>>         </version-range>
>>         <version-range>
>>             <start>2.0.0</start>
>>             <end>2.2.982</end>
>>         </version-range>
>>         <version>3.0.1</version>
>>     </affected-versions>
>> </issue>
>>
> 
> 
> Yes. You are right. I've just created a wiki page for that.
> 
> There are some special bulletins that are hard to fit into anything. I 
> will write down those bulletins in the wiki and send the link later.
> 

Here it is:
http://wiki.typo3.org/index.php/Security_Bulletin_file_format

It would be great if all of you could add some comments.




Extension bugs are quite easy to describe.

Worse with TYPO3 core, especially how to write BETAs and RCs?

I ended up with:

   <security-bug>
      <type>core</type>
      <bulletin>TYPO3-20070221-1</bulletin>
      <affected-versions>
          <version-range>
              <start>3.0.0</start>
              <end>3.8.1</end>
              <start>4.0.0</start>
              <end>4.0.5</end>
          </version-range>
          <version>4.1beta</version>
          <version>4.1RC1</version>
      </affected-versions>
   </security-bug>



but I do not like it, as this doesn't say anything, for example, about 
3.8RC1. So maybe let it be just 4.1 without any RC/betas?


Maybe some of you will have better ideas.


-- 
grtz
Krystian Szymukowicz
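
An added example, not part of the original post or of any TYPO3 code: a checker for the XML layout proposed above, assuming pre-release tags order as beta < RC < final so that a version such as 3.8RC1 falls inside a range without being listed. The function names and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the core example in the post
# (closing tags corrected, one start/end pair per <version-range>).
SAMPLE = """
<security-bug>
  <type>core</type>
  <bulletin>TYPO3-20070221-1</bulletin>
  <affected-versions>
    <version-range><start>3.0.0</start><end>3.8.1</end></version-range>
    <version-range><start>4.0.0</start><end>4.0.5</end></version-range>
    <version>4.1beta</version>
    <version>4.1RC1</version>
  </affected-versions>
</security-bug>
"""

# Assumed ordering of pre-release tags: beta < RC < final release.
_STAGE = {"beta": 0, "rc": 1, "": 2}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(beta|rc)(\d*))?$", re.IGNORECASE)

def version_key(text):
    """Turn '4.1RC1' into a sortable key; reject anything unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))          # '4.1' compares as '4.1.0'
    stage = _STAGE[(m.group(2) or "").lower()]
    return (tuple(nums), stage, int(m.group(3) or 0))

def is_affected(xml_text, installed):
    """Return the bulletin id if `installed` is affected, else None.
    Assumes the bulletin file came from an authenticated source."""
    root = ET.fromstring(xml_text)
    key = version_key(installed)
    affected = root.find("affected-versions")
    for rng in affected.findall("version-range"):
        starts = [version_key(e.text) for e in rng.findall("start")]
        ends = [version_key(e.text) for e in rng.findall("end")]
        if len(starts) != len(ends):
            raise ValueError("unbalanced <start>/<end> in <version-range>")
        if any(lo <= key <= hi for lo, hi in zip(starts, ends)):
            return root.findtext("bulletin")
    for single in affected.findall("version"):
        if version_key(single.text) == key:
            return root.findtext("bulletin")
    return None
```

Under this ordering a pre-release of the range's first version (for example 4.0.0RC1) sorts before the range start and is reported as not affected, so such versions still need an explicit `<version>` entry.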

