Merge pull request #42063 from wilsonwu/trans-blog-23-2

k8s-ci-robot · web-flow · commit 0d863022475c · 2023-07-25T08:08:05.000-07:00
[zh] Sync Updates to the Auto-refreshing Official CVE Feed blog into Chinese
diff --git a/content/zh-cn/blog/_posts/2023-04-25-Updates-to-the-Auto-refreshing-Official-CVE-Feed/index.md b/content/zh-cn/blog/_posts/2023-04-25-Updates-to-the-Auto-refreshing-Official-CVE-Feed/index.md
@@ -0,0 +1,134 @@
+---
+layout: blog
+title: 官方自动刷新 CVE 订阅源的更新
+date: 2023-04-25
+slug: k8s-cve-feed-beta
+---
+
+<!--
+layout: blog
+title: Updates to the Auto-refreshing Official CVE Feed
+date: 2023-04-25
+slug: k8s-cve-feed-beta
+-->
+
+**作者**：Cailyn Edwards (Shopify), Mahé Tardy (Isovalent), Pushkar Joglekar
+<!--
+**Authors**: Cailyn Edwards (Shopify), Mahé Tardy (Isovalent), Pushkar Joglekar
+-->
+
+**译者**：Wilson Wu (DaoCloud)
+
+<!--
+Since launching the [Auto-refreshing Official CVE feed](/docs/reference/issues-security/official-cve-feed/) as an alpha
+feature in the 1.25 release, we have made significant improvements and updates. We are excited to announce the release of the
+beta version of the feed. This blog post will outline the feedback received, the changes made, and talk about how you can help 
+as we prepare to make this a stable feature in a future Kubernetes Release.
+-->
+自从在 1.25 版本中将[官方自动刷新 CVE 订阅源](/zh-cn/docs/reference/issues-security/official-cve-feed/)作为 Alpha
+功能启用以来，我们已经做了一些重大改进和更新。我们很高兴宣布该订阅源的 Beta 版现已发布。这篇博文将列举收到的反馈、所做的更改，
+还讨论了在未来 Kubernetes 版本中准备使其进阶成为一个稳定功能时你可以如何提供帮助。
+
+<!--
+## Feedback from end-users
+-->
+## 来自最终用户的反馈 {#feadback-from-end-users}
+
+<!--
+SIG Security received some feedback from end-users:
+- The JSON CVE Feed [did not comply](https://github.com/kubernetes/website/issues/36808)
+  with the [JSON Feed specification](https://www.jsonfeed.org/) as its name would suggest.
+- The feed could also [support RSS](https://github.com/kubernetes/sig-security/issues/77)
+  in addition to JSON Feed format.
+- Some metadata could be [added](https://github.com/kubernetes/sig-security/issues/72) to indicate the freshness of
+  the feed overall, or [specific CVEs](https://github.com/kubernetes/sig-security/issues/63). Another suggestion was 
+  to [indicate](https://github.com/kubernetes/sig-security/issues/71) which Prow job recently updated the feed. See 
+  more ideas directly on the [the umbrella issue](https://github.com/kubernetes/sig-security/issues/1).
+- The feed Markdown table on the website [should be ordered](https://github.com/kubernetes/sig-security/issues/73)
+  from the most recent to the least recently announced CVE.
+-->
+SIG Security 收到了一些最终用户的反馈：
+
+- JSON CVE Feed 的名称与在 [JSON Feed 规范](https://www.jsonfeed.org/)中所建议的[不符](https://github.com/kubernetes/website/issues/36808)。
+- 除了 JSON Feed 格式之外，订阅源还可以[支持 RSS](https://github.com/kubernetes/sig-security/issues/77) 格式。
+- 可以[添加](https://github.com/kubernetes/sig-security/issues/72)一些元数据来表示整体订阅的实时性，
+  或者[特殊 CVE](https://github.com/kubernetes/sig-security/issues/63) 内容。
+  另一个建议是希望[指出](https://github.com/kubernetes/sig-security/issues/71)哪个 Prow 作业最近对订阅源进行了更新。
+  可以直接在[问题汇总](https://github.com/kubernetes/sig-security/issues/1)中查看更多想法。
+- 网站上的订阅源 Markdown 表应按照 CVE 发布的时间顺序由近到远[排列](https://github.com/kubernetes/sig-security/issues/73)。
+
+<!--
+## Summary of changes
+-->
+## 变更摘要 {#summary-of-changes}
+
+<!--
+In response, the SIG did a [rework of the script generating the JSON feed](https://github.com/kubernetes/sig-security/pull/76)
+to comply with the JSON Feed specification from generation and add a
+`last_updated` root field to indicate overall freshness. This redesign needed a
+[corresponding fix on the Kubernetes website side](https://github.com/kubernetes/website/pull/38579)
+for the CVE feed page to continue to work with the new format.
+-->
+在回应中，SIG 对[生成 JSON 格式订阅源的脚本进行了修改](https://github.com/kubernetes/sig-security/pull/76)，
+让生成的内容符合 JSON Feed 规范，并添加 `last_updated` 根字段表示整体实时性。此重新设计需要
+[Kubernetes 网站的相应修复](https://github.com/kubernetes/website/pull/38579)，以便 CVE 订阅源页面基于新格式继续工作。
+
+<!--
+After that, [RSS feed support](https://github.com/kubernetes/website/pull/39513)
+could be added transparently so that end-users can consume the feed in their
+preferred format.
+-->
+之后，完全透明的添加了 [RSS 订阅源支持](https://github.com/kubernetes/website/pull/39513)，以便最终用户使用订阅源时可以将其作为首选格式。
+
+<!--
+Overall, the redesign based on the JSON Feed specification, which this time broke
+backward compatibility, will allow updates in the future to address the rest of
+the issue while being more transparent and less disruptive to end-users.
+-->
+总而言之，基于 JSON Feed 规范的重新设计（打破了向后兼容性）将允许后续进行更新以解决其余问题，同时令其更加透明且对最终用户的干扰做到较小。
+
+<!--
+### Updates
+-->
+### 更新 {#updates}
+
+<!--
+| **Title**                                                                                                    | **Issue**                                                       | **Status**                                                                                                                                                                                                                      |
+| ------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| CVE Feed: JSON feed should pass jsonfeed spec validator | [kubernetes/webite#36808](https://github.com/kubernetes/website/issues/36808) | closed, addressed by [kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
+| CVE Feed: Add lastUpdatedAt as a metadata field | [kubernetes/sig-security#72](https://github.com/kubernetes/sig-security/issues/72) | closed, addressed by [kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
+| Support RSS feeds by generating data in Atom format | [kubernetes/sig-security#77](https://github.com/kubernetes/sig-security/issues/77) | closed, addressed by [kubernetes/website#39513](https://github.com/kubernetes/website/pull/39513)|
+| CVE Feed: Sort Markdown Table from most recent to least recently announced CVE | [kubernetes/sig-security#73](https://github.com/kubernetes/sig-security/issues/73) | closed, addressed by [kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
+| CVE Feed: Include a timestamp field for each CVE indicating when it was last updated | [kubernetes/sig-security#63](https://github.com/kubernetes/sig-security/issues/63) | closed, addressed by [kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
+| CVE Feed: Add Prow job link as a metadata field | [kubernetes/sig-security#71](https://github.com/kubernetes/sig-security/issues/71) | closed, addressed by [kubernetes/sig-security#83](https://github.com/kubernetes/sig-security/pull/83) |
+-->
+| **标题**                                                                                                    | **Issue**                                                       | **状态**                                                                                                                                                                                                                      |
+| ------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| CVE Feed: JSON feed should pass jsonfeed spec validator | [kubernetes/webite#36808](https://github.com/kubernetes/website/issues/36808) | 已关闭，详见：[kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
+| CVE Feed: Add lastUpdatedAt as a metadata field | [kubernetes/sig-security#72](https://github.com/kubernetes/sig-security/issues/72) | 已关闭，详见：[kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
+| Support RSS feeds by generating data in Atom format | [kubernetes/sig-security#77](https://github.com/kubernetes/sig-security/issues/77) | 已关闭，详见：[kubernetes/website#39513](https://github.com/kubernetes/website/pull/39513)|
+| CVE Feed: Sort Markdown Table from most recent to least recently announced CVE | [kubernetes/sig-security#73](https://github.com/kubernetes/sig-security/issues/73) | 已关闭，详见：[kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
+| CVE Feed: Include a timestamp field for each CVE indicating when it was last updated | [kubernetes/sig-security#63](https://github.com/kubernetes/sig-security/issues/63) | 已关闭，详见：[kubernetes/sig-security#76](https://github.com/kubernetes/sig-security/pull/76) |
+| CVE Feed: Add Prow job link as a metadata field | [kubernetes/sig-security#71](https://github.com/kubernetes/sig-security/issues/71) | 已关闭，详见：[kubernetes/sig-security#83](https://github.com/kubernetes/sig-security/pull/83) |
+
+<!--
+## What's next?
+-->
+## 接下来要做什么？ {#whats-next}
+
+<!--
+In preparation to [graduate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-stages) the feed 
+to stable i.e. `General Availability` stage, SIG Security is still gathering feedback from end users who are using the updated beta feed.
+-->
+为了此订阅源[进阶至](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-stages)稳定阶段做准备，
+即 `General Availability` 阶段，SIG Security 仍将从最终用户持续收集他们使用最新 Beta 版订阅源后的反馈。
+
+<!--
+To help us continue to improve the feed in future Kubernetes Releases please share feedback by adding a comment to
+this [tracking issue](https://github.com/kubernetes/sig-security/issues/1) or
+let us know on [#sig-security-tooling](https://kubernetes.slack.com/archives/C01CUSVMHPY)
+Kubernetes Slack channel, join [Kubernetes Slack here](https://slack.k8s.io).
+-->
+为了帮助我们在未来的 Kubernetes 版本中继续改进订阅源，请通过对此[跟踪 Issue](https://github.com/kubernetes/sig-security/issues/1)
+添加评论来分享反馈，或者通过 [#sig-security-tooling](https://kubernetes.slack.com/archives/C01CUSVMHPY)
+Kubernetes Slack 频道让我们获得更多信息，由此加入 [Kubernetes Slack](https://slack.k8s.io)。
