Mercurial > p > roundup > code
comparison doc/CVE.txt @ 8064:d6b447de4f59
docs: set up for release documentation.
Make changes to publish security.html with CVE announcements referring
to the sections in upgrading.html rather than CVE.html.
Remove templates.zip as part of html build in Makefile.
Also update doc for using CVE.html.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:34:13 -0400 |
| parents | 28aa76443f58 |
| children |
comparison
equal
deleted
inserted
replaced
| 8063:6d4b5005abf2 | 8064:d6b447de4f59 |
|---|---|
| 1 .. comments: | 1 .. comments: |
| 2 This file is a temporary way to post CVE notifications before | 2 This file is a temporary way to post CVE notifications before |
| 3 a release. | 3 a release. |
| 4 | 4 |
| 5 Document the CVE fix info in upgrading.txt. Publishing | 5 Document the CVE fix info in upgrading.txt. We extract the sections |
| 6 upgrading.txt would push info on the next release not the current | 6 from upgrading.txt that deal with the CVE into a separate CVE.html. |
| 7 release. | 7 An updated docs/security.html and docs/CVE.html provide the details |
| 8 on a between release CVE announcment. | |
| 8 | 9 |
| 9 So we comment out a reference anchor in upgrading.txt and use that | 10 Publishing upgrading.txt would include info on the to be released |
| 10 comment to extract the section from upgrading.txt into CVE.txt. | 11 roundup software and wouldn't match the rest of the release docs. |
| 11 The extracted section gets the same anchor that is in upgrading.txt, | |
| 12 but is is not commented out. | |
| 13 | 12 |
| 14 Then we add a summary to the list of CVE's in security.txt using a | 13 To extract the info from upgrading.txt to use in CVE.html, add a |
| 15 :ref: to the anchor. If CVE.txt is part of the build and | 14 commented out a reference anchor in upgrading.txt. Then in CVE.txt |
| 16 upgrading.txt has a commented out anchor, security.txt entries link | 15 we use an include directive with start-after and end-before options |
| 17 to CVE.html in the generated documentation. | 16 to exract the sections from upgrading.txt into CVE.html. |
| 18 | 17 |
| 19 In upgrading.txt add a | 18 The extracted section in CVE.txt gets the same anchor that is in |
| 19 upgrading.txt, but is is not commented out. This allows us to swap | |
| 20 out CVE.txt and uncomment the reference in upgrading.txt. Then | |
| 21 rerunning sphinx-build will make security.html point to the sections | |
| 22 in upgrading.html. | |
| 23 | |
| 24 For example, in upgrading.txt add a | |
| 20 | 25 |
| 21 .. comment: _CVE-2024-39124: | 26 .. comment: _CVE-2024-39124: |
| 22 | 27 |
| 23 before the section for the CVE (use the real CVE number). At the | 28 before the section for the CVE (use the real CVE number). At the |
| 24 end of the CVE section add an end comment: | 29 end of the CVE section add an end comment: |
| 42 .. include:: upgrading.txt | 47 .. include:: upgrading.txt |
| 43 :start-after: .. comment: _CVE-2024-39124: | 48 :start-after: .. comment: _CVE-2024-39124: |
| 44 :end-before: .. comment: end of CVE | 49 :end-before: .. comment: end of CVE |
| 45 | 50 |
| 46 After building the docs, install docs/security.html and | 51 After building the docs, install docs/security.html and |
| 47 docs/CVE.html on the web site. Use the security.html URL | 52 docs/CVE.html on the web site. Reference: |
| 48 on the web site to update the CVE report. | 53 |
| 54 https://www.roundup-tracker.org/docs/security.html | |
| 55 | |
| 56 in the CVE announcement from Mitre. | |
| 49 | 57 |
| 50 When the release is ready, replace 'comment: _CVE' with '_CVE' in | 58 When the release is ready, replace 'comment: _CVE' with '_CVE' in |
| 51 upgrading.txt. This makes the anchors in upgrading.txt live. | 59 upgrading.txt. This makes the anchors in upgrading.txt live. |
| 52 | 60 |
| 53 Then disable CVE.txt by removing CVE.txt from contents.txt in the | 61 Then disable CVE.txt by removing CVE.txt from contents.txt in the |
| 54 toctree hidden section. Also add CVE.txt to exclude_patterns in | 62 toctree hidden section. Also add docs/CVE.txt to exclude_patterns in |
| 55 conf.py. | 63 conf.py. |
| 56 | 64 |
| 57 No change needs to happen to security.txt as it's using a :ref: and | 65 No change needs to happen to security.txt as it's using a :ref: and |
| 58 we just changed the location for the ref so sphinx will get the | 66 we just changed the location for the ref so sphinx will get the |
| 59 links correct. | 67 links correct. |