[Reportbug-maint] Bug#878088: reportbug: please inform security and lts teams about security update regressions

Raphael Geissert geissert at debian.org
Tue Nov 28 23:09:28 UTC 2017


On 9 October 2017 at 19:47, Markus Koschany <apo at debian.org> wrote:
> If the bug is reported against a package with a version number that
> indicates a security update like +deb7u1 or ~deb8u3, both team mailing
> lists should be added to CC after the bug reporter confirms that this
> is a regression caused by a security update.

Perhaps reportbug could check the package's changelog to determine
whether the latest update was a security or LTS one. It could do so by
looking for the sec team's or LTS' snippet on the latest version.

Then and only then it could also ask for confirmation, as in: "is the
bug a recent regression?", and CC the corresponding team. For
instance, there's no need to CC the security team for regressions by
LTS updates.

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

More information about the Reportbug-maint mailing list