Translate blog Updates to the Auto-refreshing Official CVE Feed into Chinese

pull/42063/head
Wilson Wu 2023-07-18 14:15:57 +08:00
parent 79eeabee2a
commit f7a1455da9
1 changed files with 134 additions and 0 deletions

@ -0,0 +1,134 @@
---
layout: blog
title: 官方自动刷新 CVE 订阅源的更新
date: 2023-04-25
slug: k8s-cve-feed-beta
---
<!--
layout: blog
title: Updates to the Auto-refreshing Official CVE Feed
date: 2023-04-25
slug: k8s-cve-feed-beta
-->
**作者**Cailyn Edwards (Shopify), Mahé Tardy (Isovalent), Pushkar Joglekar
<!--
**Authors**: Cailyn Edwards (Shopify), Mahé Tardy (Isovalent), Pushkar Joglekar
-->
**译者**Wilson Wu (DaoCloud)
<!--
Since launching the [Auto-refreshing Official CVE feed](/docs/reference/issues-security/official-cve-feed/) as an alpha
feature in the 1.25 release, we have made significant improvements and updates. We are excited to announce the release of the
beta version of the feed. This blog post will outline the feedback received, the changes made, and talk about how you can help
as we prepare to make this a stable feature in a future Kubernetes Release.
-->
自从在 1.25 版本中将[官方自动刷新 CVE 订阅源](/zh-cn/docs/reference/issues-security/official-cve-feed/)作为 Alpha
功能启用以来,我们已经做了一些重大改进和更新。我们很高兴宣布该订阅源的 Beta 版现已发布。这篇博文将列举收到的反馈、所做的更改,
还讨论了在未来 Kubernetes 版本中准备使其进阶成为一个稳定功能时你可以如何提供帮助。
<!--
## Feedback from end-users
-->
## 来自最终用户的反馈 {#feadback-from-end-users}
<!--
SIG Security received some feedback from end-users:
- The JSON CVE Feed [did not comply](https://github.com/kubernetes/website/issues/36808)
with the [JSON Feed specification](https://www.jsonfeed.org/) as its name would suggest.
- The feed could also [support RSS](https://github.com/kubernetes/sig-security/issues/77)
in addition to JSON Feed format.
- Some metadata could be [added](https://github.com/kubernetes/sig-security/issues/72) to indicate the freshness of
the feed overall, or [specific CVEs](https://github.com/kubernetes/sig-security/issues/63). Another suggestion was
to [indicate](https://github.com/kubernetes/sig-security/issues/71) which Prow job recently updated the feed. See
more ideas directly on the [the umbrella issue](https://github.com/kubernetes/sig-security/issues/1).
- The feed Markdown table on the website [should be ordered](https://github.com/kubernetes/sig-security/issues/73)
from the most recent to the least recently announced CVE.
-->
SIG Security 收到了一些最终用户的反馈:
- JSON CVE Feed 的名称与在 [JSON Feed 规范](https://www.jsonfeed.org/)中所建议的[不符](https://github.com/kubernetes/website/issues/36808)。
- 除了 JSON Feed 格式之外,订阅源还可以[支持 RSS](https://github.com/kubernetes/sig-security/issues/77) 格式。
- 可以[添加](https://github.com/kubernetes/sig-security/issues/72)一些元数据来表示整体订阅的实时性,
或者[特殊 CVE](https://github.com/kubernetes/sig-security/issues/63) 内容。
另一个建议是希望[指出](https://github.com/kubernetes/sig-security/issues/71)哪个 Prow 作业最近对订阅源进行了更新。
可以直接在[问题汇总](https://github.com/kubernetes/sig-security/issues/1)中查看更多想法。
- 网站上的订阅源 Markdown 表应按照 CVE 发布的时间顺序由近到远[排列](https://github.com/kubernetes/sig-security/issues/73)。
<!--
## Summary of changes
-->
## 变更摘要 {#summary-of-changes}
<!--
In response, the SIG did a [rework of the script generating the JSON feed](https://github.com/kubernetes/sig-security/pull/76)
to comply with the JSON Feed specification from generation and add a
`last_updated` root field to indicate overall freshness. This redesign needed a
[corresponding fix on the Kubernetes website side](https://github.com/kubernetes/website/pull/38579)
for the CVE feed page to continue to work with the new format.
-->
在回应中SIG 对[生成 JSON 格式订阅源的脚本进行了修改](https://github.com/kubernetes/sig-security/pull/76)
让生成的内容符合 JSON Feed 规范,并添加 `last_updated` 根字段表示整体实时性。此重新设计需要
[Kubernetes 网站的相应修复](https://github.com/kubernetes/website/pull/38579),以便 CVE 订阅源页面基于新格式继续工作。
<!--
After that, [RSS feed support](https://github.com/kubernetes/website/pull/39513)
could be added transparently so that end-users can consume the feed in their
preferred format.
-->
之后,完全透明的添加了 [RSS 订阅源支持](https://github.com/kubernetes/website/pull/39513),以便最终用户使用订阅源时可以将其作为首选格式。
<!--
Overall, the redesign based on the JSON Feed specification, which this time broke
backward compatibility, will allow updates in the future to address the rest of
the issue while being more transparent and less disruptive to end-users.
-->
总而言之,基于 JSON Feed 规范的重新设计(打破了向后兼容性)将允许后续进行更新以解决其余问题,同时令其更加透明且对最终用户的干扰做到较小。
<!--
### Updates
-->
### 更新 {#updates}
<!--
| **Title** | **Issue** | **Status** |
| ------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| CVE Feed: JSON feed should pass jsonfeed spec validator | [kubernetes/webite#36808](https://github.com/kubernetes/website/issues/36808) | closed, addressed by [kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
| CVE Feed: Add lastUpdatedAt as a metadata field | [kubernetes/sig-security#72](https://github.com/kubernetes/sig-security/issues/72) | closed, addressed by [kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
| Support RSS feeds by generating data in Atom format | [kubernetes/sig-security#77](https://github.com/kubernetes/sig-security/issues/77) | closed, addressed by [kubernetes/website#39513](https://github.com/kubernetes/website/pull/39513)|
| CVE Feed: Sort Markdown Table from most recent to least recently announced CVE | [kubernetes/sig-security#73](https://github.com/kubernetes/sig-security/issues/73) | closed, addressed by [kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
| CVE Feed: Include a timestamp field for each CVE indicating when it was last updated | [kubernetes/sig-security#63](https://github.com/kubernetes/sig-security/issues/63) | closed, addressed by [kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
| CVE Feed: Add Prow job link as a metadata field | [kubernetes/sig-security#71](https://github.com/kubernetes/sig-security/issues/71) | closed, addressed by [kubernetes/sig-security#83](https://github.com/kubernetes/sig-security/pull/83) |
-->
| **标题** | **Issue** | **状态** |
| ------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| CVE Feed: JSON feed should pass jsonfeed spec validator | [kubernetes/webite#36808](https://github.com/kubernetes/website/issues/36808) | 已关闭,详见:[kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
| CVE Feed: Add lastUpdatedAt as a metadata field | [kubernetes/sig-security#72](https://github.com/kubernetes/sig-security/issues/72) | 已关闭,详见:[kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
| Support RSS feeds by generating data in Atom format | [kubernetes/sig-security#77](https://github.com/kubernetes/sig-security/issues/77) | 已关闭,详见:[kubernetes/website#39513](https://github.com/kubernetes/website/pull/39513)|
| CVE Feed: Sort Markdown Table from most recent to least recently announced CVE | [kubernetes/sig-security#73](https://github.com/kubernetes/sig-security/issues/73) | 已关闭,详见:[kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
| CVE Feed: Include a timestamp field for each CVE indicating when it was last updated | [kubernetes/sig-security#63](https://github.com/kubernetes/sig-security/issues/63) | 已关闭,详见:[kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
| CVE Feed: Add Prow job link as a metadata field | [kubernetes/sig-security#71](https://github.com/kubernetes/sig-security/issues/71) | 已关闭,详见:[kubernetes/sig-security#83](https://github.com/kubernetes/sig-security/pull/83) |
<!--
## What's next?
-->
## 接下来要做什么? {#whats-next}
<!--
In preparation to [graduate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-stages) the feed
to stable i.e. `General Availability` stage, SIG Security is still gathering feedback from end users who are using the updated beta feed.
-->
为了此订阅源[进阶至](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-stages)稳定阶段做准备,
`General Availability` 阶段SIG Security 仍将从最终用户持续收集他们使用最新 Beta 版订阅源后的反馈。
<!--
To help us continue to improve the feed in future Kubernetes Releases please share feedback by adding a comment to
this [tracking issue](https://github.com/kubernetes/sig-security/issues/1) or
let us know on [#sig-security-tooling](https://kubernetes.slack.com/archives/C01CUSVMHPY)
Kubernetes Slack channel, join [Kubernetes Slack here](https://slack.k8s.io).
-->
为了帮助我们在未来的 Kubernetes 版本中继续改进订阅源,请通过对此[跟踪 Issue](https://github.com/kubernetes/sig-security/issues/1)
添加评论来分享反馈,或者通过 [#sig-security-tooling](https://kubernetes.slack.com/archives/C01CUSVMHPY)
Kubernetes Slack 频道让我们获得更多信息,由此加入 [Kubernetes Slack](https://slack.k8s.io)。
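
Review bot: The heading anchor on the 来自最终用户的反馈 line is spelled `{#feadback-from-end-users}`; it should be `{#feedback-from-end-users}`, since the anchor is what inbound links to this section will use. Several translated lines also drift from the English source kept in the comments. The first feedback bullet says the feed's name does not match what the JSON Feed specification suggests, while the source says the feed did not comply with the specification as its name would suggest. "specific CVEs" is rendered as 特殊 CVE (special) where 特定 CVE is meant. The RSS sentence says users can make the feed their preferred format, while the source says they can consume the feed in their preferred format. In the 接下来要做什么 paragraph the "i.e." joining "stable" and `General Availability` is lost, so the clause starting with `General Availability` 阶段 is left dangling; adding 即 before it would restore the link. As shown here, the separators after **作者** and **译者**, after 在回应中, and before SIG Security in that last paragraph are missing and should be checked in the file. The link text kubernetes/webite#36808 in both tables is missing an "s", although the URL is correct; that typo comes from the English original and is worth fixing in the translated table.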