[Reportbug-maint] Bug#878088: reportbug: please inform security and lts teams about security update regressions
Guido Günther
agx at sigxcpu.org
Sat Dec 9 14:21:04 UTC 2017
Hi,
On Wed, Dec 06, 2017 at 08:48:17AM +0100, Markus Koschany wrote:
> On Fri, 1 Dec 2017 09:28:26 +0100 Guido =?iso-8859-1?Q?G=FCnther?=
> <agx at sigxcpu.org> wrote:
> [...]
> > I would rather not make psql connections from reportbug. http is
> > ubiquitous and can be proxied. That's why I mentioned the security
> > tracker. The nice thing about the security tracker is that we can change
> > what's stable, oldstable or lts without involving anybody else.
>
> Hi Guido,
>
> I have updated the patch according to your suggestions. It's a bit
> strange that we can't match release numbers and code name already. I
> think it would be best to implement this feature somewhere else but for
> the sake of moving forward the code will just fetch this json file now.
> At the moment I don't know the exact location at
> https://security-tracker.debian.org/ where I should put this
> information. Suggestions are welcome. Please find attached the debdiff
> against the latest version in unstable and the json file.
Looks good in principle. I would use a slightly different json format
though (using YAML for readability):
wheezy:
major: 7
alias: oldoldstable
jessy:
major: 8
alias: oldstable
stretch:
major: 9
alias: stable
This allows us to extend this in the future if necessary.
Cheers,
-- Guido
More information about the Reportbug-maint
mailing list