You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Mark J Cox <ma...@awe.com> on 2005/04/29 12:56:32 UTC

Proposed addition to httpd.apache.org

A while ago I promised that we'd give the database of security issues used
to generate the Apache Week security pages to the ASF.  Yesterday I worked
on integrating these pages with httpd-site repos; but since it involves a
non-trivial change I wanted to propose it here for an ack or two before
actually committing it.

The database is just a big XML file and we used XSLT to extract and sort
the vulnerabilities relevant to the page for the particular httpd version
we're generating.  I've created a modified version of the XSLT which
extracts the data for the pages and pops it into the velocity format the
site uses.

So the commit would:

Add lib/ant-trax.jar (needed for the xslt)
Add security/ directory
Add security/vulnerabilities-httpd.xml (database)
Add security/impact_levels.xml (http://www.apacheweek.com/features/security-levels)
Add stylesheets/securitydb.xsl 
Add stylesheets/securitydates.xsl

Modify build.xsl to run XSLT on vulnerabilities-httpd.xml which creates
/security/vulnerabilities_13.xml, an equivalent to
http://www.apacheweek.com/features/security-13, and 
/security/vulnerabilities_20.xml, an equivalent to
http://www.apacheweek.com/features/security-30).

Diff (minus ant-trax and the resultant /docs/ changes) at
http://esoom.com/add-apacheweek-stuff.diff

Once this is running I intend to remove this data from Apache Week and 
redirect the duplicate Apache Week pages to httpd.apache.org, so 
httpd.apache.org is the master source of this info.

Cheers,
Mark

Re: Proposed addition to httpd.apache.org

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

+1 - sounds like a good solution for now.

I hear that some additional forest / xslt / composition tools
are going to be installed for some projects, but believe your
suggestion is fine to move this along :)

Bill

At 05:56 AM 4/29/2005, Mark J Cox wrote:
>A while ago I promised that we'd give the database of security issues used
>to generate the Apache Week security pages to the ASF.  Yesterday I worked
>on integrating these pages with httpd-site repos; but since it involves a
>non-trivial change I wanted to propose it here for an ack or two before
>actually committing it.
>
>The database is just a big XML file and we used XSLT to extract and sort
>the vulnerabilities relevant to the page for the particular httpd version
>we're generating.  I've created a modified version of the XSLT which
>extracts the data for the pages and pops it into the velocity format the
>site uses.
>
>So the commit would:
>
>Add lib/ant-trax.jar (needed for the xslt)
>Add security/ directory
>Add security/vulnerabilities-httpd.xml (database)
>Add security/impact_levels.xml (http://www.apacheweek.com/features/security-levels)
>Add stylesheets/securitydb.xsl 
>Add stylesheets/securitydates.xsl
>
>Modify build.xsl to run XSLT on vulnerabilities-httpd.xml which creates
>/security/vulnerabilities_13.xml, an equivalent to
>http://www.apacheweek.com/features/security-13, and 
>/security/vulnerabilities_20.xml, an equivalent to
>http://www.apacheweek.com/features/security-30).
>
>Diff (minus ant-trax and the resultant /docs/ changes) at
>http://esoom.com/add-apacheweek-stuff.diff
>
>Once this is running I intend to remove this data from Apache Week and 
>redirect the duplicate Apache Week pages to httpd.apache.org, so 
>httpd.apache.org is the master source of this info.
>
>Cheers,
>Mark