[Reportbug-maint] Bug#878088: reportbug: please inform security and lts teams about security update regressions

Markus Koschany apo at debian.org
Thu Nov 30 17:38:27 UTC 2017

On Wed, 29 Nov 2017 22:49:55 +0100 Guido =?iso-8859-1?Q?G=FCnther?=
<agx at sigxcpu.org> wrote:
> Can't we deduce if it's LTS from either the packages version number or from
> /etc/debian_version. Once we have the code name or number we could do a
> simple HTTP call to check if this is stable, oldstable or lts.
> I don't know of a page that exposes this information in JSON or similar
> but if we don't have it we could add another page to the security
> tracker like:
> GET /tracker/data/releases
> { 'stretch': 'stable',
>   'jessie':  'oldstable',
>   'wheezy':  'lts'
> }
> We then wouldn't be dependent on the string parsing in the changelog.

Hi Guido,

yes, in general that should be possible. Parsing /etc/debian_version
might be dangerous though because it is well possible that someone
reports a Wheezy bug from a development system running Sid or his
workstation running stable. This might lead to wrong information.

Don't we already have the UDD database which tracks all package
information in a convenient manner? It should be possible to lookup the
version number and query the corresponding distribution/release code
name. Looking at [1] I can find at least a releases table. If we create
another table like your JSON idea it should be possible to match code
name and suite. I don't know if this information is already present in
UDD or if we have to create it first. We would need to import psycopg2
for database connections and thus a dependency on python3-psycopg2.

Perhaps it might even more sense to add this feature to
python3-debianbts, which is already a dependency of python3-reportbug,
or more precisely the BTS itself. Perhaps it's already there and I just
don't know it.



[1] https://udd.debian.org/schema/udd.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reportbug-maint/attachments/20171130/98e13e08/attachment.sig>

More information about the Reportbug-maint mailing list