[Reportbug-commits] [reportbug] 04/04: add --{no-}security-team, to declare to send (or not) the report only to the security team since it is (or not) an undisclosed vulnerability; Closes: #685829

Sandro Tosi morph at moszumanska.debian.org
Mon May 4 04:08:06 UTC 2015 

This is an automated email from the git hooks/post-receive script.

morph pushed a commit to branch master
in repository reportbug.

commit 6f09c2aeea96c1f3e0b62f41c599e85ceb515251
Author: Sandro Tosi <morph at debian.org>
Date:   Mon May 4 00:03:03 2015 -0400

    add --{no-}security-team, to declare to send (or not) the report only to the security team since it is (or not) an undisclosed vulnerability; Closes: #685829
---
 bin/reportbug    |  8 ++++++--
 debian/changelog |  6 +++++-
 man/reportbug.1  | 10 ++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/bin/reportbug b/bin/reportbug
index bf5a526..969e798 100755
--- a/bin/reportbug
+++ b/bin/reportbug
@@ -905,6 +905,10 @@ def main():
                       help='query on source packages, not binary packages')
     parser.add_option('--no-query-source', action='store_false',
                       dest='query_src', help='query on binary packages only')
+    parser.add_option('--security-team', action='store_true', dest='secteam', default=None,
+                      help='send the report only to the security team, if tag=security')
+    parser.add_option('--no-security-team', action='store_false', default=None,
+                      dest='secteam', help='do not send the report only to the security team, if tag=security')
     parser.add_option('--debconf', action='store_true',
                       help='include debconf settings in your report')
     parser.add_option('--no-debconf', action='store_false', dest='debconf',
@@ -2037,10 +2041,10 @@ For more details, please see: http://www.debian.org/devel/wnpp/''')
             tags = ''
 
         if 'security' in taglist:
-            if ui.yes_no(
+            if self.options.secteam or (self.options.secteam is None and ui.yes_no(
                 'Are you reporting an undisclosed vulnerability? If so, in order to responsibly disclose the issue, it should not be sent to the public BTS right now, but instead to the private Security Team mailing list.',
                 'Yes, it is an undisclosed vulnerability, send this report to the private Security Team mailing list and not to the BTS.',
-                'No, it is already a publicly disclosed vulnerability, send this report to the BTS.', False):
+                'No, it is already a publicly disclosed vulnerability, send this report to the BTS.', False)):
                 sendto = 'team at security.debian.org'
 
         # Execute bug script
diff --git a/debian/changelog b/debian/changelog
index 2e27595..c14456f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -32,8 +32,12 @@ reportbug (6.6.4) UNRELEASED; urgency=medium
   * reportbug/utils.py
     - support LANG declined Description-xx field in package information; thanks
       to Robert Luberda for the report; Closes: #683116
+  * bin/reportbug, man/reportbug.1
+    - add --{no-}security-team, to declare to send (or not) the report only to
+      the security team since it is (or not) an undisclosed vulnerability;
+      Closes: #685829
 
- -- Sandro Tosi <morph at debian.org>  Sat, 02 May 2015 15:00:19 -0400
+ -- Sandro Tosi <morph at debian.org>  Sun, 03 May 2015 23:59:40 -0400
 
 reportbug (6.6.3) unstable; urgency=medium
 
diff --git a/man/reportbug.1 b/man/reportbug.1
index d206922..df33de5 100644
--- a/man/reportbug.1
+++ b/man/reportbug.1
@@ -388,6 +388,16 @@ Set the subject of the bug report (i.e. a brief explanation of the
 problem, less than 60 characters).  If you do not specify this switch,
 you will be prompted for a subject.
 .TP
+.B \-\-security\-team
+If the 'security' tag is set, this option will explicitly specify to send the
+report only to the Debian Security Team, as this is an undisclosed
+vulnerability.
+.TP
+.B \-\-no\-security\-team
+If the 'security' tag is set, this option will explicitly specify to not send
+the report only to the Debian Security Team, as this is not an undisclosed
+vulnerability.
+.TP
 .B \-S SEVERITY, \-\-severity=SEVERITY
 Specify a severity level, from \fBcritical\fP, \fBgrave\fP,
 \fBserious\fP, \fBimportant\fP, \fBnormal\fP, \fBminor\fP, and

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reportbug/reportbug.git

More information about the Reportbug-commits mailing list