Bug 149339 - Replace all RHSA synopsis
Replace all RHSA synopsis
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Other (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: James Slagle
Vlady Zlatkin
: Security
Depends On:
Blocks: 147875
  Show dependency treegraph
 
Reported: 2005-02-22 11:12 EST by Mark J. Cox (Product Security)
Modified: 2007-10-23 22:10 EDT (History)
3 users (show)

See Also:
Fixed In Version: RHN 4.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-31 22:52:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed replacment synopsys lines (18.55 KB, text/plain)
2005-02-22 11:13 EST, Mark J. Cox (Product Security)
no flags Details
quote the advisory names for csv processing (19.67 KB, text/plain)
2005-03-02 09:24 EST, Mark J. Cox (Product Security)
no flags Details
Replacent names (17.65 KB, text/plain)
2005-07-06 06:20 EDT, Mark J. Cox (Product Security)
no flags Details

  None (edit)
Description Mark J. Cox (Product Security) 2005-02-22 11:12:48 EST
We have severity levels calculated for all legacy RHEL and Stronghold
RHSA.  We'd like to go back through all the released RHSA and change
the current topic/synopsis lines to the new format which includes the
severity information.

This would require a little work from RHN to change the synopsis in
their database, and a little work from us to change the corresponding
one in the porkchop errata system.

There are major business benefits in doing this; aside from customers
being able to rank the legacy advisories it will help when studies
compare our response times since we can point to the Red Hat severity
level.
Comment 1 Mark J. Cox (Product Security) 2005-02-22 11:13:32 EST
Created attachment 111303 [details]
Proposed replacment synopsys lines
Comment 2 Bret McMillan 2005-02-22 12:48:34 EST
Lemme turn this back around on you... I jotted something down to see
if we could start actually capturing this data as a part of rhn400...
rather than just replacing the synopis, we could alter how we present
errata to include this new field appropriately.

Thoughts?
Comment 3 Mark J. Cox (Product Security) 2005-02-22 13:04:56 EST
Yes, in the long term we'll present this field to RHN when pushing
errata so that you can use it inside RHN for any number of neat data
presentation ideas.  However that requires changes to all the display
mechanisms (logged in via rhn, /errata via rhn, up2date, rss feed) and
so on.

This is an interim measure that can be easily implemented immediately
and will help counter the publicity that is expected at the start of
next month when a new report is released surrounding our poor response
times.
Comment 5 Mark J. Cox (Product Security) 2005-03-02 09:16:44 EST
I've looked at webdev but there is a mistake on a few of these issues due to csv
parsing... the ones which have ,'s in the data... for example

RHSA-2002:248,Important: apache, mod_ssl, php security update for Stronghold

you list this as "Important: apache" and drop everything after the second comma

Comment 6 Mark J. Cox (Product Security) 2005-03-02 09:24:38 EST
Created attachment 111566 [details]
quote the advisory names for csv processing
Comment 7 Bret McMillan 2005-03-02 10:30:14 EST
Mark,

I've asked jslagle to revert the webdev change so we can setup a satellite
pointing @ webdev and ensure that applying this change doesn't result in
unexpected behavior (duplicate errata mails, etc).

If it works ok, we'll apply the change, to get it out there in the near term,
and revert it once we get an additional column to represent the data on the
rhnErrata table.
Comment 8 James Slagle 2005-06-08 10:57:01 EDT
updating estimates
Comment 9 Mark J. Cox (Product Security) 2005-06-08 10:58:46 EDT
If you get close to performing this update please let me know as I will check
for a final time the replacement lines before you commit them.
Comment 10 James Slagle 2005-07-05 11:40:46 EDT
Mark, do you want to provide me with a new csv, or just review the changes once
I've applied them on dev?  I plan on putting them on dev this afternoon.  It
will go to production on 7/19.
Comment 11 Mark J. Cox (Product Security) 2005-07-05 11:44:15 EDT
I can supply an updated csv tommorrow morning; can you wait for that?
Comment 12 James Slagle 2005-07-05 11:45:12 EDT
Yes, that's no problem.
Comment 13 Mark J. Cox (Product Security) 2005-07-06 06:20:54 EDT
Created attachment 116402 [details]
Replacent names
Comment 14 Mark J. Cox (Product Security) 2005-07-06 06:22:38 EDT
Okay, so I double checked the file this morning and modified it -- we decided
not to change the synopsis of kernel issues that were part of an Update release
for example.  Attached (see comment 13)
Comment 15 James Slagle 2005-07-06 11:54:32 EDT
The synopsis have been update on dev.

Note: The following errata in the csv don't seem to exist in RHN:
--No rows found for:
--   RHSA-2002:040 Critical: php security update for Stronghold

--No rows found for:
--   RHSA-2002:045 Important: mod_ssl security update for Stronghold

--No rows found for:
--   RHSA-2004:297 Low: xchat security update


Testplan
========
1. Use the advanced search for Errata and search for some of the errata in the
attached csv by advisory.
2. Verify that the synopsis for the errata are set to what is in the csv file.

Keep in mind you may not be able to see all of these errata in a search, b/c you
can only search for errata that are in a channel to which you have access.
Comment 16 Mark J. Cox (Product Security) 2005-07-07 07:50:17 EDT
I've tested this by looking at specific issues at random on rhn.webdev, and then
looking at the list of all RHEL3, RHEL4, Stronghold, RHEL2.1 advisories at
https://rhn.webdev.redhat.com/errata/ making sure that all issues were correctly
marked.  This found one missing entry:

RHSA-2005:104,"Moderate: mod_python security update"

RHSA-2004:297 can be ignored, it is a duplicate of 2004:585
RHSA-2002:040 and RHSA-2002:045 can both be ignored, they are "Stronghold Cross
Platform" packages.

Comment 17 James Slagle 2005-07-08 09:23:39 EDT
All the updates for the errata in the attachment are now on qa.

The additional update in comment #16 is on_dev and will be pushed to qa during
our next qa push, scheduled for 7/14.
Comment 18 Mark J. Cox (Product Security) 2005-07-15 03:46:07 EDT
On QA, looked at a random sampling at
https://rhn.webqa.redhat.com/errata/
and all looked good.
Comment 19 Vlady Zlatkin 2005-07-15 16:49:33 EDT
looks good to me, prod ready

Note You need to log in before you can comment on or make changes to this bug.