[opensuse-security] wiki-template: links to NVD or MITRE wanted (or both templates?)
TO: http://forums.opensuse.org/english/other-forums/community-fun/opensuse-wiki-... I have made a small template that links with a CVE number to a vulnerability of the according page of the National Vulnerability Database. I am wondering if also or instead a template like that that likes to the according page of MITRE is wanted/makes sense. As more than one project is affected maybe you (pl.) would like to answer on the forums? Regards Martin -- - openSUSE profile: https://users.opensuse.org/show/pistazienfresser -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Feb 15, 2011 at 06:35:24PM +0100, pistazienfresser (see profile) wrote:
TO: http://forums.opensuse.org/english/other-forums/community-fun/opensuse-wiki-...
I have made a small template that links with a CVE number to a vulnerability of the according page of the National Vulnerability Database. I am wondering if also or instead a template like that that likes to the according page of MITRE is wanted/makes sense.
As more than one project is affected maybe you (pl.) would like to answer on the forums?
It is missing also the possible to template http://support.novell.com/security/cve/ for our fixed issues. (but the Evergreen ones wont appear there) Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Am 15/02/11 21:22, schrieb Marcus Meissner:
On Tue, Feb 15, 2011 at 06:35:24PM +0100, pistazienfresser (see profile) wrote:
TO: http://forums.opensuse.org/english/other-forums/community-fun/opensuse-wiki-...
I have made a small template that links with a CVE number to a vulnerability of the according page of the National Vulnerability Database. I am wondering if also or instead a template like that that likes to the according page of MITRE is wanted/makes sense.
As more than one project is affected maybe you (pl.) would like to answer on the forums?
It is missing also the possible to template http://support.novell.com/security/cve/ for our fixed issues. (but the Evergreen ones wont appear there)
Ciao, Marcus
So a link to e. g. http://support.novell.com/security/cve/CVE-2011-0006.html ? What would you think would be a practicable and easy to remember synta So like {{Security|CVE-2010-4344}} or {{Sec|CVE-2010-4344}} or {{NSLs|CVE-2010-4344}} or {{NSLS|CVE-2010-4344}} to link to http://support.novell.com/security/cve/CVE-2010-4344.html ? And should that that the three templates make be able to be distinguished by the look or look all alike? The now existing make now both something like: CVE-2010-4344 Regards Martin -- - Martin Seidler - openSUSE profile: https://users.opensuse.org/show/pistazienfresser -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Feb 15, 2011 at 10:22:27PM +0100, pistazienfresser (see profile) wrote:
Am 15/02/11 21:22, schrieb Marcus Meissner:
On Tue, Feb 15, 2011 at 06:35:24PM +0100, pistazienfresser (see profile) wrote:
TO: http://forums.opensuse.org/english/other-forums/community-fun/opensuse-wiki-...
I have made a small template that links with a CVE number to a vulnerability of the according page of the National Vulnerability Database. I am wondering if also or instead a template like that that likes to the according page of MITRE is wanted/makes sense.
As more than one project is affected maybe you (pl.) would like to answer on the forums?
It is missing also the possible to template http://support.novell.com/security/cve/ for our fixed issues. (but the Evergreen ones wont appear there)
Ciao, Marcus
So a link to e. g. http://support.novell.com/security/cve/CVE-2011-0006.html ? What would you think would be a practicable and easy to remember synta So like {{Security|CVE-2010-4344}} or {{Sec|CVE-2010-4344}} or {{NSLs|CVE-2010-4344}} or {{NSLS|CVE-2010-4344}} to link to http://support.novell.com/security/cve/CVE-2010-4344.html ?
And should that that the three templates make be able to be distinguished by the look or look all alike? The now existing make now both something like: CVE-2010-4344
NovellCVE? If there is no good word we can leave it out I guess. Its not fully necessary to link CVEs either I guess, as they usually are not on Wiki pages. Just for the Evergreen overview currently. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Feb 15, 2011 at 10:22:27PM +0100, pistazienfresser (see profile) wrote:
Am 15/02/11 21:22, schrieb Marcus Meissner:
On Tue, Feb 15, 2011 at 06:35:24PM +0100, pistazienfresser (see profile) wrote:
TO: http://forums.opensuse.org/english/other-forums/community-fun/opensuse-wiki-...
I have made a small template that links with a CVE number to a vulnerability of the according page of the National Vulnerability Database. I am wondering if also or instead a template like that that likes to the according page of MITRE is wanted/makes sense.
As more than one project is affected maybe you (pl.) would like to answer on the forums?
It is missing also the possible to template http://support.novell.com/security/cve/ for our fixed issues. (but the Evergreen ones wont appear there)
Ciao, Marcus
So a link to e. g. http://support.novell.com/security/cve/CVE-2011-0006.html ? What would you think would be a practicable and easy to remember syntax [x added ;)] So like {{Security|CVE-2010-4344}} or {{Sec|CVE-2010-4344}} or {{NSLs|CVE-2010-4344}} or {{NSLS|CVE-2010-4344}} to link to http://support.novell.com/security/cve/CVE-2010-4344.html ?
And should that that the three templates make be able to be distinguished by the look or look all alike? The now existing make now both something like: CVE-2010-4344
NovellCVE? If there is no good word we can leave it out I guess. Do you refer to
Am 15/02/11 22:32, schrieb Marcus Meissner: the name of the template (and so the syntax in the wiki source code) or the look of the result on the article page or do you think both should be the same/according?
Its not fully necessary to link CVEs either I guess, as they usually are not on Wiki pages. Just for the Evergreen overview currently.
If I remember right that linking was also my doing on the Evergreen 11.1 page. If you take a look at it you see that I let just the pure CVE-ID be stand and give a explanation where the links go in an other section of the article (where in the wikipedias the external links are located). By the way: Ist there anywhere an explanation about the "Published Novell/SUSE Linux security updates by CVE number : Common Vulnerabilities and Exposures" http://support.novell.com/security/cve/ ('NovellCVE'/'NSLs'?) and its cause and function? Regards Martin (pistazienfresser) -- - Martin Seidler - openSUSE profile: https://users.opensuse.org/show/pistazienfresser -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Wed, Feb 16, 2011 at 10:48:23AM +0100, pistazienfresser (see profile) wrote:
NovellCVE? If there is no good word we can leave it out I guess. Do you refer to the name of the template (and so the syntax in the wiki source code) or the look of the result on the article page or do you think both should be the same/according?
The name of the template. In the wiki I am not sure how to mark it. CVEs are CVEs, we just have different database (Mitre, NVD, Novell). I am not sure how to mark this up for linking.
Its not fully necessary to link CVEs either I guess, as they usually are not on Wiki pages. Just for the Evergreen overview currently.
If I remember right that linking was also my doing on the Evergreen 11.1 page.
If you take a look at it you see that I let just the pure CVE-ID be stand and give a explanation where the links go in an other section of the article (where in the wikipedias the external links are located).
Then its fine I think.
By the way: Ist there anywhere an explanation about the "Published Novell/SUSE Linux security updates by CVE number : Common Vulnerabilities and Exposures" http://support.novell.com/security/cve/ ('NovellCVE'/'NSLs'?) and its cause and function?
I had hoped it would be self-explaining ... "A CVE database indexing our released and in QA being security fixes." Do you think it needs more explanation? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Wed, Feb 16, 2011 at 10:48:23AM +0100, pistazienfresser (see profile) wrote:
NovellCVE? If there is no good word we can leave it out I guess. Do you refer to the name of the template (and so the syntax in the wiki source code) or the look of the result on the article page or do you think both should be the same/according?
The name of the template.
In the wiki I am not sure how to mark it. CVEs are CVEs, we just have different database (Mitre, NVD, Novell). I am not sure how to mark this up for linking. I think if the Novell Database is more used in the wiki it would make sense to move the template that links to the reference CVE database from MITRE to something like [[Template:MITRE]] or [[Template:M-CVE]] and to make a new one on [[Template:CVE]] that links to the entries in the Novell database? And what do you (pl.) in general think about the 'best' (=suitable for
Am 16/02/11 17:23, schrieb Marcus Meissner: the users) syntax? See: http://forums.opensuse.org/english/other-forums/community-fun/opensuse-wiki-...
Its not fully necessary to link CVEs either I guess, as they usually are not on Wiki pages. Just for the Evergreen overview currently.
If I remember right that linking was also my doing on the Evergreen 11.1 page.
If you take a look at it you see that I let just the pure CVE-ID be stand and give a explanation where the links go in an other section of the article (where in the wikipedias the external links are located).
Then its fine I think.
By the way: Ist there anywhere an explanation about the "Published Novell/SUSE Linux security updates by CVE number : Common Vulnerabilities and Exposures" http://support.novell.com/security/cve/ ('NovellCVE'/'NSLs'?) and its cause and function?
I had hoped it would be self-explaining ... "A CVE database indexing our released and in QA being security fixes."
Do you think it needs more explanation?
Maybe I am just a bit too nosy and too stupid but I am in general interested how the hole Novell/openSUSE security thing is functioning - for instance what is "QA" (surely something to do with quality assurance but what team and how is it connected, (how) can normal users help/participate?). -> so it is a sorted list of the security related fixes - both the released ones and the ones that are jet being tested? Sorted by the ID's that the MITRE gave them? puzzled pistazienfresser (Martin) -- - Martin Seidler - openSUSE profile: https://users.opensuse.org/show/pistazienfresser -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (2)
-
Marcus Meissner -
pistazienfresser (see profile)