Re: reportbug: please inform security and lts teams about security update regressions
- To: Markus Koschany <firstname.lastname@example.org>
- Cc: email@example.com, Guido Günther <firstname.lastname@example.org>, Debian LTS <email@example.com>, "firstname.lastname@example.org" <email@example.com>, firstname.lastname@example.org
- Subject: Re: reportbug: please inform security and lts teams about security update regressions
- From: Salvatore Bonaccorso <email@example.com>
- Date: Tue, 12 Dec 2017 07:19:43 +0100
- Message-id: <[🔎] firstname.lastname@example.org>
- Mail-followup-to: Markus Koschany <email@example.com>, firstname.lastname@example.org, Guido Günther <email@example.com>, Debian LTS <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, email@example.com
- In-reply-to: <[🔎] firstname.lastname@example.org>
- References: <email@example.com> <[🔎] firstname.lastname@example.org> <[🔎] 20171210090055.GB30428@eldamar.local> <[🔎] 20171210115138.GA19589@eldamar.local> <[🔎] 20171210115905.GA8714@bogon.m.sigxcpu.org> <[🔎] email@example.com> <[🔎] firstname.lastname@example.org>
On Sun, Dec 10, 2017 at 03:58:30PM +0100, Markus Koschany wrote:
> Am 10.12.2017 um 13:35 schrieb Salvatore Bonaccorso:
> >>> and beeing accessible under https://security-tracker.debian.org/tracker/distributions.json
> >> That makes as lot of sense! (I used YAML in the example for readability,
> >> output of the tracker should be JSON). The main reason why I'd prefer
> >> the tracker is that we can update the file ourselves when switching
> >> releases.
> > Yes I can understand why you prefer the security-tracker itself. My
> > convern was (and still in back on my head), we add more mappings. But
> > with eabove, we do not need to take care of stable->oldstable, etc ...
> > just add the who-is-supporting field.
> > A version of the above is live on the security-tracker, but I have not
> > yet commited the changes. I would first like to know: are you happy
> > with the 'major-version' nomenclature, otherwise we could change it to
> > 'version'. 'support' should maybe 'support-by'?
> IMO my version of distributions.json did the same thing. We only can
> deduce the version from the package, so the version was the key and the
> values were "lts", "oldstable", "stable". Everything else is not supported.
> For the next LTS this file would look like
> 8: "lts"
> 9: "stable"
> and then
> 8: "lts"
> 9: "oldstable"
> 10: "stable"
> More information is not required. The code looks like that:
> Of course I can also use the new json file. If I don't hear any further
> objections I am going to use
> from now on. I intend to release an update of reportbug for Wheezy next
> week. Please contact me if you are interested in an upgrade for Jessie
> and Stretch as well.
I have made the above change now live/commited. The file is still thus
extensible and for futher (and future use). Thanks for your work on
that! (as a personal note on my side, would have prefered to get less
For jessie and stretch: such an update should go in via a point
release (like for the debian-security-support package updates). We
have not heard anything yet on the implementation side from the
maintainer, Sandro, did you got Markus updates/proposals? Your input
would be very appreciated :)