[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: reportbug: please inform security and lts teams about security update regressions

Am 10.12.2017 um 13:35 schrieb Salvatore Bonaccorso:
>>> and beeing accessible under https://security-tracker.debian.org/tracker/distributions.json
>> That makes as lot of sense! (I used YAML in the example for readability,
>> output of the tracker should be JSON). The main reason why I'd prefer
>> the tracker is that we can update the file ourselves when switching
>> releases.
> Yes I can understand why you prefer the security-tracker itself. My
> convern was (and still in back on my head), we add more mappings. But
> with eabove, we do not need to take care of stable->oldstable, etc ...
> just add the who-is-supporting field.
> A version of the above is live on the security-tracker, but I have not
> yet commited the changes. I would first like to know: are you happy
> with the 'major-version' nomenclature, otherwise we could change it to
> 'version'. 'support' should maybe 'support-by'?


IMO my version of distributions.json did the same thing. We only can
deduce the version from the package, so the version was the key and the
values were "lts", "oldstable", "stable". Everything else is not supported.


For the next LTS this file would look like

8: "lts"
9: "stable"

and then

8: "lts"
9: "oldstable"
10: "stable"

More information is not required. The code looks like that:


Of course I can also use the new json file. If I don't hear any further
objections I am going to use


from now on. I intend to release an update of reportbug for Wheezy next
week. Please contact me if you are interested in an upgrade for Jessie
and Stretch as well.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: