You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Mark J Cox <ma...@awe.com> on 2005/04/29 12:56:32 UTC
Proposed addition to httpd.apache.org
A while ago I promised that we'd give the database of security issues used
to generate the Apache Week security pages to the ASF. Yesterday I worked
on integrating these pages with httpd-site repos; but since it involves a
non-trivial change I wanted to propose it here for an ack or two before
actually committing it.
The database is just a big XML file and we used XSLT to extract and sort
the vulnerabilities relevant to the page for the particular httpd version
we're generating. I've created a modified version of the XSLT which
extracts the data for the pages and pops it into the velocity format the
site uses.
So the commit would:
Add lib/ant-trax.jar (needed for the xslt)
Add security/ directory
Add security/vulnerabilities-httpd.xml (database)
Add security/impact_levels.xml (http://www.apacheweek.com/features/security-levels)
Add stylesheets/securitydb.xsl
Add stylesheets/securitydates.xsl
Modify build.xsl to run XSLT on vulnerabilities-httpd.xml which creates
/security/vulnerabilities_13.xml, an equivalent to
http://www.apacheweek.com/features/security-13, and
/security/vulnerabilities_20.xml, an equivalent to
http://www.apacheweek.com/features/security-30).
Diff (minus ant-trax and the resultant /docs/ changes) at
http://esoom.com/add-apacheweek-stuff.diff
Once this is running I intend to remove this data from Apache Week and
redirect the duplicate Apache Week pages to httpd.apache.org, so
httpd.apache.org is the master source of this info.
Cheers,
Mark
Re: Proposed addition to httpd.apache.org
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
+1 - sounds like a good solution for now.
I hear that some additional forest / xslt / composition tools
are going to be installed for some projects, but believe your
suggestion is fine to move this along :)
Bill
At 05:56 AM 4/29/2005, Mark J Cox wrote:
>A while ago I promised that we'd give the database of security issues used
>to generate the Apache Week security pages to the ASF. Yesterday I worked
>on integrating these pages with httpd-site repos; but since it involves a
>non-trivial change I wanted to propose it here for an ack or two before
>actually committing it.
>
>The database is just a big XML file and we used XSLT to extract and sort
>the vulnerabilities relevant to the page for the particular httpd version
>we're generating. I've created a modified version of the XSLT which
>extracts the data for the pages and pops it into the velocity format the
>site uses.
>
>So the commit would:
>
>Add lib/ant-trax.jar (needed for the xslt)
>Add security/ directory
>Add security/vulnerabilities-httpd.xml (database)
>Add security/impact_levels.xml (http://www.apacheweek.com/features/security-levels)
>Add stylesheets/securitydb.xsl
>Add stylesheets/securitydates.xsl
>
>Modify build.xsl to run XSLT on vulnerabilities-httpd.xml which creates
>/security/vulnerabilities_13.xml, an equivalent to
>http://www.apacheweek.com/features/security-13, and
>/security/vulnerabilities_20.xml, an equivalent to
>http://www.apacheweek.com/features/security-30).
>
>Diff (minus ant-trax and the resultant /docs/ changes) at
>http://esoom.com/add-apacheweek-stuff.diff
>
>Once this is running I intend to remove this data from Apache Week and
>redirect the duplicate Apache Week pages to httpd.apache.org, so
>httpd.apache.org is the master source of this info.
>
>Cheers,
>Mark