[Reportbug-maint] Bug#878088: reportbug: please inform security and lts teams about security update regressions

Salvatore Bonaccorso carnil at debian.org
Sun Dec 10 09:00:55 UTC 2017


Hi

Cc'ing explicitly Guido and Raphael, who commented before.

On Sat, Dec 09, 2017 at 03:25:14PM +0100, Markus Koschany wrote:
> Hi,
> 
> I have updated my patch for reportbug. Now emails are sent only to one
> of the team mailing lists based on the release number in the version
> string. There is apparently no simple way to determine the relationship
> between release number, code name, suite and whether this is a LTS
> release. So we came up with a simple json file which provides this kind
> of information and can be adjusted as time goes by. We think that
> security-tracker.debian.org would be a good place for this file but I'd
> appreciate it if someone from the security team told us the exact location.
> 
> See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878088#45

So let me first understand the information you would need from that
file (here in sort-of-yaml):

----cut---------cut---------cut---------cut---------cut---------cut-----
wheezy:
  major-version: 7
  support: lts
jessie:
  major-version: 8
  support: security
stretch:
  major-version: 9
  support: security
buster:
  major-version: 10
  support: none
bullseye:
  major-version: 11
  support: none
----cut---------cut---------cut---------cut---------cut---------cut-----

For reportbug I do not see a need for the alias mapping, so we should
not add it it yet, or why would you need to know that wheezy is
oldoldstable for it? AFAICS, what you need for is a value to decide if
it's lts or security team supported, that is what I'm aiming for in
the above format with the support field. Once jessie moves to lts
supported, we just need to update that value. Then on reportbug side,
if the support is for lts, X-Debbugs-CC the debian-lts list, if it's
support 'security', X-Debbugs-CC the security team.

Possibly we could add a static file exporting this information on the
security-tracker which only would be needed to extend once a suite
goes over to lts support and new known releases are added. Then could
be available under
https://security-tracker.debian.org/tracker/distributions.yaml

How does your current patch for reportbug look like?

Please add my on Cc directly for replies.

Regards,
Salvatore



More information about the Reportbug-maint mailing list