
Re: Guessing package version for DLA template



On Feb/28, Salvatore Bonaccorso wrote:
> > Since I made mistakes in setting the package version in DLA texts
> > (and I'm not alone ;-)) I came up with the attached patch which
> > makes gen-DLA and guess the proper one.
> > 
> > If both teams like it I'll push it to the repo.
> 
> I can only speak for myself: I would rather not see that
> patch/automatism applied for mainly two reasons: First, we prepare
> DSA's in advance, the usual procedure and only once the package would
> be dak install'ed into the archive it appears in the Sources.gz.
> 
> The second reason is: at least for the suites which the security team
> takes care, there are as well updates via point releases and appearing
> in the main repository.
> 
> Now that I'm writing, I can think of some corner cases (where e.g.
> there is a major version bump, and we cannot just do previous version
> + 1).
> 
> For those two reasons I would rather just say to have a note in the
> DLA preparation notes to mention the epochs.
> 
> I may speak for myself alone, but given for us there are embargoed
> queues on security-master, I would rather have to specify a version
> explicitly when I prepare a DSA.

I agree: this is more of a documentation problem (I always double-check
the version manually in the *changes files, prior to writing the DSA),
and not something that's easily fixed in gen-DSA itself.

However, if you acknowledge the limitations brought forward by
Salvatore, but still think a "version guess" can help, we're of course
not opposed to your implementing this behavior via an *optional*
command-line switch (that'd ideally document all those
shortcomings).

I'd for one tend to stay well away from it, but it'd come down to a
personal choice from the person writing the advisory :)

Cheers,

--Seb

