[Reportbug-maint] Bug#878088: reportbug: please inform security and lts teams about security update regressions

Guido Günther agx at sigxcpu.org
Wed Nov 29 21:49:55 UTC 2017

Hi Markus,
Great this is still moving forward!

On Wed, Nov 29, 2017 at 08:00:12PM +0100, Markus Koschany wrote:
> Hi!
> I would prefer this solution. At the moment we check for the version
> string and I think that's sufficient for an initial check. The following
> actions should be triggered by the user himself by answering specific
> questions. What do you think about adding a second question after "Do
> you want to report a regression because of a security update?"
> Is this regression in Debian's LTS release?
> Yes, this bug is in the LTS release. -> only CC the LTS team
> No, this bug is not in the LTS release -> CC the security team

Can't we deduce if it's LTS from either the packages version number or from
/etc/debian_version. Once we have the code name or number we could do a
simple HTTP call to check if this is stable, oldstable or lts.

I don't know of a page that exposes this information in JSON or similar
but if we don't have it we could add another page to the security
tracker like:

GET /tracker/data/releases

{ 'stretch': 'stable',
  'jessie':  'oldstable',
  'wheezy':  'lts'

We then wouldn't be dependent on the string parsing in the changelog.

 -- Guido

More information about the Reportbug-maint mailing list