Hi,
On Tue, Feb 28, 2017 at 06:43:23AM +0100, Salvatore Bonaccorso wrote:
> Hi Balint,
>
> Thanks for bringing up that topic!
>
> On Tue, Feb 28, 2017 at 01:48:42AM +0100, Bálint Réczey wrote:
> > Hi,
> >
> > Since I made mistakes in setting the package version in DLA texts (and
> > I'm not alone ;-)) I came up with the attached patch which makes
> > gen-DLA and guess the proper one.
> >
> > If both teams like it I'll push it to the repo.
>
> I can only speak for myself: I would rather not see that
> patch/automatism applied for mainly two reasons: First, we prepare
> DSA's in advance, the usual procedure and only once the package would
> be dak install'ed in to the archive it appears in the Sources.gz.
>
> The second reason is: at least for the suites which the security team
> takes care, there are as well updates via point releases and appearing
> in the main repository.
>
> Now that I'm writing, I can think of some corner cases (where e.g.
> there is a major version bump, and we cannot just do previous version
> + 1).
>
> For those two reasons I would rather just say to have a note in the
> DLA preparation notes to mention the epochs.
>
> I may speak for myself alone, but given for us there are embargoed
> queues on security-master, I would rather have to specify a version
> explicitly when I parepare a DSA.
Btw, I think it would not work completely right at the moment, trying
it out for e.g. some immaginary entries I got:
+[28 Feb 2017] DSA-3798-1 linux - security update
+ {CVE-2017-1234}
+ [squeeze] - linux 2.6.32-48squeeze6
+ [wheezy] - linux 3.2.84-2
+ [jessie] - linux 3.16.39-1+deb8u1
+[28 Feb 2017] DSA-3797-1 munin - security update
+ {CVE-2017-1234}
+ [wheezy] - munin 2.0.6-4+deb7u3
+ [jessie] - munin 2.0.25-1+deb8u1
So I really would rather stick with the current bin/gen-{DLA,DSA}, but
add some notes/remarks to the LTS documentation for preparing DLA's.
Regards,
Salvatore