[Reportbug-maint] Bug#878088: reportbug: please inform security and lts teams about security update regressions
Markus Koschany
apo at debian.org
Wed Dec 6 07:48:17 UTC 2017
On Fri, 1 Dec 2017 09:28:26 +0100 Guido Günther
<agx at sigxcpu.org> wrote:
[...]
> I would rather not make psql connections from reportbug. http is
> ubiquitous and can be proxied. That's why I mentioned the security
> tracker. The nice thing about the security tracker is that we can change
> what's stable, oldstable or lts without involving anybody else.
Hi Guido,
I have updated the patch according to your suggestions. It's a bit
strange that we can't match release numbers and code name already. I
think it would be best to implement this feature somewhere else but for
the sake of moving forward the code will just fetch this json file now.
At the moment I don't know the exact location at
https://security-tracker.debian.org/ where I should put this
information. Suggestions are welcome. Please find attached the debdiff
against the latest version in unstable and the json file.
Regards,
Markus
-------------- next part --------------
diff -Nru reportbug-7.1.7/bin/reportbug reportbug-7.1.7/bin/reportbug
--- reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.000000000 +0200
+++ reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.000000000 +0200
@@ -32,6 +32,8 @@
import optparse
import re
import locale
+import requests
+import json
import subprocess
import shlex
import email
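Review bot: `import json` appears unused. The only JSON handling in the following hunk is `data = r.json()`, which is a method on the requests response object, so the import can be dropped. `requests` is a third-party module and the visible diff only touches bin/reportbug, so a package dependency on it needs to be declared as well, otherwise the script fails at import time on systems where it is not installed.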
@@ -1926,6 +1928,33 @@
listcc += ui.get_multiline(
'Enter any additional addresses this report should be sent to; press ENTER after each address.')
+ # If the bug is reported against a package with a version that
+ # indicates a security update add the security or lts team to CC
+ # after user confirmation
+ is_security_update = False
+ if pkgversion:
+ regex = re.compile('(\+|~)deb(\d+)u(\d+)')
+ secversion = regex.search(pkgversion)
+ if secversion:
+ if ui.yes_no('Do you want to report a regression because of a security update? ',
+ 'Yes, please inform the LTS and security teams.',
+ 'No or I am not sure.', True):
+ is_security_update = True
+ distnumber = secversion[2]
+ r = requests.get('https://security-tracker.debian.org/distribution.json')
+ data = r.json()
+ distribution = None
+ for key, value in data.items():
+ if distnumber in key:
+ distribution = value
+
+ if is_security_update and distribution is not None:
+ if distribution == 'lts':
+ email_address = ['debian-lts at lists.debian.org']
+ else:
+ email_address = ['team at security.debian.org']
+ listcc.extend(email_address)
+
if severity and rtype:
severity = debbugs.convert_severity(severity, rtype)
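Review bot: The `requests.get('https://security-tracker.debian.org/distribution.json')` call has no timeout, no status check and no error handling, so an offline machine, a proxy failure, an error response or a body that is not valid JSON raises in the middle of composing the report. Pass a `timeout=`, call `r.raise_for_status()`, wrap the fetch and `r.json()` in a try/except, and on failure continue without adding a CC. Separately, `if distnumber in key:` is a substring test, so a release number of '8' also matches a key containing '18', and with no `break` the last matching entry wins; match the release number exactly instead (equality, or an anchored pattern if the key carries more than the number). It is good that the fetched value only selects between two hard-coded addresses rather than supplying the address itself; please keep it that way, and treat any value other than the expected ones as "no CC" rather than defaulting to the security team. Minor: the pattern `'(\+|~)deb(\d+)u(\d+)'` should be a raw string to avoid invalid-escape warnings.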
-------------- next part --------------
A non-text attachment was scrubbed...
Name: distribution.json
Type: application/json
Size: 54 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reportbug-maint/attachments/20171206/5cc9dc52/attachment.json>