archlinux · SantiagoTorres · Jun 13, 2019 · Jun 21, 2019 · Jun 21, 2019 · Jul 29, 2019
diff --git a/test/test_home.py b/test/test_home.py
@@ -0,0 +1,7 @@
+from flask import url_for
+from werkzeug.exceptions import NotFound
+
+
+def test_home(db, client):
+    resp = client.get(url_for('tracker.home', path=''), follow_redirects=True)
+    assert 200 == resp.status_code
diff --git a/test/test_index.py b/test/test_index.py
@@ -7,14 +7,6 @@
 from .conftest import create_package
 
 
-@create_package(name='foo', version='1.2.3-4')
-@create_group(id=DEFAULT_GROUP_ID, packages=['foo'], affected='1.2.3-3', fixed='1.2.3-4')
-def test_index(db, client):
-    resp = client.get(url_for('tracker.index'), follow_redirects=True)
-    assert 200 == resp.status_code
-    assert DEFAULT_GROUP_NAME not in resp.data.decode()
-
-
 @create_package(name='foo', version='1.2.3-4')
 @create_group(id=DEFAULT_GROUP_ID, packages=['foo'], affected='1.2.3-3')
 def test_index_vulnerable(db, client):

diff --git a/test/test_login.py b/test/test_login.py
@@ -51,7 +51,7 @@ def test_login_disabled(db, client):
 def test_login_logged_in_redirect(db, client):
     resp = client.post(url_for('tracker.login'), follow_redirects=False)
     assert 302 == resp.status_code
-    assert resp.location.endswith('/')
+    assert resp.location.endswith('/issues')
 
 
 @logged_in
@@ -63,4 +63,4 @@ def test_logout(db, client):
 def test_logout_not_logged_in(db, client):
     resp = client.post(url_for('tracker.logout'), follow_redirects=False)
     assert 302 == resp.status_code
-    assert resp.location.endswith('/')
+    assert resp.location.endswith('/issues')
diff --git a/tracker/templates/base.html b/tracker/templates/base.html
@@ -21,7 +21,8 @@
 		<div class="content">
 			<div class="navbar">
 				<ul>
-					<li><a href="/">issues</a></li>
+					<li><a href="/">home</a></li>
+					<li><a href="/issues/">issues</a></li>
 					<li><a href="/advisory">advisories</a></li>
 					<li><a href="/todo">todo</a></li>
 					<li><a href="/stats">stats</a></li>

diff --git a/tracker/templates/home.html b/tracker/templates/home.html
@@ -0,0 +1,41 @@
+{%- extends "base.html" -%}
+{% block content %}
+
+    <h1>Arch Linux Security</h2>
+
+    For Arch Linux security is paramount, and a dedicated team of staffers and
+    volunteers helps with triaging, prioritizing, confirming, patching and
+    notifying about vulnerabilities in Arch Linux components as well as
+    packages provided in the official repositories.
+
+    <h2>Reporting Vulnerablities in Arch Linux Components or Infrastructure</h3>
+
+    If you have discovered a vulnerability in packages related to core
+    components or in Arch Linux infrastructure don't hesitate to reach out 
+    to <a href="mailto:security@archlinux.org">security@archlinux.org</a> to
+    discuss remediation. You can encrypt your email to the following gpg keys.
+    <!-- FIXME: we'll have to figure this one out on the backend -->
+    <ul>
+       <li><a href="https://www.archlinux.org/people/developers/#anthraxx">Levente Polyak</a>
+           <tt>E240 B57E 2C46 30BA 768E  2F26 FC1B 547C 8D81 72C8</tt></li>
+
+       <li><a href="https://www.archlinux.org/people/support-staff/#rgacogne">Remi Gacogne</a>
+           <tt>A4CB EA79 7489 8599 195E  4FEC 46EC 46F3 9F3E 2EF1</tt></li>
+
+       <li><a href="https://www.archlinux.org/people/developers/#allan">Allan McRae</a>
+           <tt>6645 B0A8 C700 5E78 DB1D  7864 F99F FE0F EAE9 99BD</tt></li>
+    </ul>
+
+    <h2>Vulnerabilities in Upstream Packages</h3>
+
+    Our <a href="https://security.archlinux.org/issues/">CVE tracker</a> can help you
+    review the vulnerabilities that affect the packages we provide. If you
+    think a CVE that affects a package is not listed in there, do not hesitate
+    to reach out to us in irc on <tt>#archlinux-security</tt> in
+    <a href="https://freenode.net">freenode</a>.
+
+    <h2>Securing your Arch Linux installation</h3>
+
+    Consider checking this 
+    <a href="https://wiki.archlinux.org/index.php/Security">Wiki page for more information</a>
+{%- endblock %}
diff --git a/tracker/view/__init__.py b/tracker/view/__init__.py
@@ -5,6 +5,7 @@
 from .delete import *
 from .edit import *
 from .error import *
+from .home import *
 from .index import *
 from .login import *
 from .show import *

diff --git a/tracker/view/home.py b/tracker/view/home.py
@@ -0,0 +1,8 @@
+from flask import render_template
+
+from tracker import tracker
+
+
+@tracker.route('/', methods=['GET'])
+def home():
+    return render_template('home.html')
diff --git a/tracker/view/index.py b/tracker/view/index.py
@@ -53,7 +53,6 @@ def get_index_data(only_vulnerable=False, only_in_repo=True):
     return groups
 
 
-@tracker.route('/', defaults={'path': '', 'only_vulnerable': True}, methods=['GET'])
 def index(only_vulnerable=True, path=None):
     groups = get_index_data(only_vulnerable)
     return render_template('index.html',

diff --git a/tracker/view/login.py b/tracker/view/login.py
@@ -18,7 +18,7 @@
 @tracker.route('/login', methods=['GET', 'POST'])
 def login():
     if current_user.is_authenticated:
-        return redirect(url_for('tracker.index'))
+        return redirect(url_for('tracker.index_vulnerable'))
 
     form = LoginForm()
     if not form.validate_on_submit():
@@ -33,14 +33,14 @@ def login():
     user = user_assign_new_token(form.user)
     user.is_authenticated = True
     login_user(user)
-    return redirect(url_for('tracker.index'))
+    return redirect(url_for('tracker.index_vulnerable'))
 
 
 @tracker.route('/logout', methods=['GET', 'POST'])
 def logout():
     if not current_user.is_authenticated:
-        return redirect(url_for('tracker.index'))
+        return redirect(url_for('tracker.index_vulnerable'))
 
     user_invalidate(current_user)
     logout_user()
-    return redirect(url_for('tracker.index'))
+    return redirect(url_for('tracker.index_vulnerable'))