
Re: [SECURITY] [DLA 265-1] unattended-upgrades security update

Hi Holger,

On Fri 03 Jul 2015 12:48:06 CEST, Holger Levsen wrote:

> On Friday, 3 July 2015, Mike Gabriel wrote:
> > The only way I can think of in terms of making this more foolproof, I
> > guess, is by rejecting mails to debian-lts-announce if
> >
> >    o a used DLA has not been reserved via the secure-testing SVN repo
> >    o the DLA has been reserved in the SVN repo, but for another package
>
> there is another way, which is probably easier to implement: parse debian-lts-announce mails and automatically add those DLAs to svn if that hasn't been done

Yeah, I thought of this approach, as well...

It will not always succeed, though, as there can be (normally is) a delay between running bin/genDLA and actually sending the DLA mail.

My delays normally are:

  o write up a nice announcement text
  o possibly have lunch break in between
  o answer someone's phone or deal with people coming into my office

In the meantime, someone else may have run bin/genDLA as well and actually committed the DLA number (I had that once already with Santiago).

I guess we can capture something like 80% of the cases (which is good already) by auto-committing DLAs that come in via the d-l-a list, but for a 100% fix-up, we may need to bounce mails, it feels.

Though, I am not fully sure here, just lacking imagination here. ;-)


mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de


Attachment: pgpZiP6_EauvH.pgp
Description: Digital PGP signature
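
The two checks and the auto-add variant discussed in this mail, as an added example that is not part of the original message or of any Debian tooling. The `reserved` dict is a hypothetical in-memory stand-in for the reservations committed to the repository, the subject layout is taken from this thread's subject line, and the DLA numbers and package names are constructed.

```python
import re

# Subject layout as seen in this thread: "[SECURITY] [DLA 265-1] <package> security update"
SUBJECT_RE = re.compile(r"\[DLA (\d+)-(\d+)\]\s+(\S+)\s+security update")


def parse_subject(subject):
    """Return (dla_id, package) from an announcement subject, or None."""
    m = SUBJECT_RE.search(subject)
    if m is None:
        return None
    return "DLA-%s-%s" % (m.group(1), m.group(2)), m.group(3)


def check_announcement(subject, reserved, auto_add=False):
    """Decide what to do with a mail sent to the announce list.

    reserved: dict of DLA id -> package (hypothetical stand-in for the
    reservations committed to the repository).
    Returns "accept", "auto-add" or "bounce".
    """
    parsed = parse_subject(subject)
    if parsed is None:
        return "bounce"                  # no recognisable DLA id
    dla_id, package = parsed
    owner = reserved.get(dla_id)
    if owner is None:
        if auto_add:
            reserved[dla_id] = package   # auto-add variant: record it now
            return "auto-add"
        return "bounce"                  # used DLA was never reserved
    if owner != package:
        return "bounce"                  # reserved, but for another package
    return "accept"


def demo():
    # Constructed data: number 900 was committed for pkg-b while the
    # announcement for pkg-a (same number, never committed) was still a draft.
    reserved = {"DLA-900-1": "pkg-b"}
    subjects = [
        "[SECURITY] [DLA 900-1] pkg-b security update",
        "[SECURITY] [DLA 900-1] pkg-a security update",  # the delay case
        "[SECURITY] [DLA 901-1] pkg-c security update",  # never committed
    ]
    return [check_announcement(s, reserved, auto_add=True) for s in subjects]


if __name__ == "__main__":
    print(demo())
```

The second subject is the delay case: auto-adding cannot resolve it because the number is already taken, so only a bounce catches it.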