[Spacewalk-devel] System currency page

Cliff Perry cperry at redhat.com
Tue Oct 12 22:12:32 EDT 2010


Colin Coe wrote:
> Hi all
> 
> I'm seeking opinions on the rules around users adjusting the formula
> which has the following multipliers by default:
> - security (critical) : 32
> - security (important) : 16
> - security (moderate) : 8
> - security (low) : 4
> - bug : 2
> - enhancement : 1
> 
> For example, a system with 5 enhancements, 10 bug fixes and 1 critical
> security errata outstanding would have a score of ((1 * 32) + (0 * 16)
> + (0 * 8) + (0 *4) + (10 * 2) + (5 *1)) or 57.
> 
> I should probably note here that this works off the errata so if there
> are no errata, there is no score.   Also, the multipliers are
> currently in the .jsp page, these would need to be moved to a DB table
> before anything else could happen.
> 
> So, my question is: what should the rules be surrounding users
> changing the formula.
> 
> My thoughts are that the user should be able to change the values but
> if the user does change the formula, and the system scores (as
> calculated above) are used for measuring how patched the systems are,
> then changes in the formula would render that reporting as unreliable
> at best.  The original API script that inspired this page was used to
> report to management on the state of outstanding patches on the Linux
> fleet.
> 
> One thing I thought of was generating a PDF file with the formula
> noted at the end as well as a history of the multipliers, date changed
> and by whom.  This wouldn't be trivial though....

I think such a report / history may be over kill here.

> 
> Anyone care to offer an opinion on this?

I do not think we should change the formulas rules, just the value or 
multiplier allowed for each. Allowing user definition of these to me 
would be nice. Purely an example, allow values to be set in rhn.conf to 
override default:

currency.critical : 65536
currency.important : 256
currency.moderate : 16

In this case, I am squaring the importance up, rather than doubling, 
such that the other three below are their default value. In this case it 
goes from:

 > For example, a system with 5 enhancements, 10 bug fixes and 1 critical
 > security errata outstanding would have a score of ((1 * 32) + (0 * 16)
 > + (0 * 8) + (0 *4) + (10 * 2) + (5 *1)) or 57.

To:
(1 * 65536) + (10 * 2) + (5 * 1) = 65557

obviously, in this case, critical security errata for systems make it 
near impossible for systems without needing critical errata to be higher 
in value.

So for myself, either simply reading in options from rhn.conf (like 
above) for config or exposing a UI allowing configuration of the values 
(which ever is easier to implement) would I suspect give the most value 
in providing configurability of System currency page. Instead maybe look 
to add it to spacecmd for calling APIs with config options for values or 
spacewalk-reports and let the UI be simple.

Cliff
> 
> CC
> 




More information about the Spacewalk-devel mailing list