[Reportbug-maint] Bug#878088: reportbug: please inform security and lts teams about security update regressions
Markus Koschany
apo at debian.org
Wed Dec 13 12:34:05 UTC 2017
Hi Salvatore,
Am 12.12.2017 um 07:19 schrieb Salvatore Bonaccorso:
[...]
> I have made the above change now live/commited. The file is still thus
> extensible and for futher (and future use). Thanks for your work on
> that! (as a personal note on my side, would have prefered to get less
> pressure).
Sorry, I didn't want to put pressure on you. The email was just a
declaration of intent to NMU reportbug in Wheezy and a last call for
further suggestions. I haven't got a reply from Sandro yet. I filed
#878088 on 9.10 and attached my initial patch, pinged the bug report
again on 3.11, asked for feedback on both mailing lists on 28.11,
incorporated requested changes in the following days and eventually send
the final call on 10.12. I believe there was plenty of time to react. If
there is anything to change we can always do that in a another revision.
> For jessie and stretch: such an update should go in via a point
> release (like for the debian-security-support package updates). We
> have not heard anything yet on the implementation side from the
> maintainer, Sandro, did you got Markus updates/proposals? Your input
> would be very appreciated :)
I intend to submit a new version of reportbug with my patch (attached)
for Jessie and Stretch next week.
Regards,
Markus
-------------- next part --------------
diff -Nru reportbug-7.1.7/bin/reportbug reportbug-7.1.7/bin/reportbug
--- reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.000000000 +0200
+++ reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.000000000 +0200
@@ -32,6 +32,8 @@
import optparse
import re
import locale
+import requests
+import json
import subprocess
import shlex
import email
@@ -1926,6 +1928,33 @@
listcc += ui.get_multiline(
'Enter any additional addresses this report should be sent to; press ENTER after each address.')
+ # If the bug is reported against a package with a version that
+ # indicates a security update add the security or lts team to CC
+ # after user confirmation
+ is_security_update = False
+ if pkgversion:
+ regex = re.compile('(\+|~)deb(\d+)u(\d+)')
+ secversion = regex.search(pkgversion)
+ if secversion:
+ if ui.yes_no('Do you want to report a regression because of a security update? ',
+ 'Yes, please inform the LTS and security teams.',
+ 'No or I am not sure.', True):
+ is_security_update = True
+ distnumber = secversion[2]
+ r = requests.get('https://security-tracker.debian.org/tracker/distributions.json')
+ data = r.json()
+ support = 'none'
+ for key, value in data.items():
+ if distnumber in value['major-version']:
+ support = value['support']
+
+ if is_security_update and support != 'none':
+ if support == 'lts':
+ email_address = ['debian-lts at lists.debian.org']
+ else:
+ email_address = ['team at security.debian.org']
+ listcc.extend(email_address)
+
if severity and rtype:
severity = debbugs.convert_severity(severity, rtype)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reportbug-maint/attachments/20171213/71d502ee/attachment.sig>
More information about the Reportbug-maint
mailing list