[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: reportbug: please inform security and lts teams about security update regressions

Am 21.12.2017 um 22:42 schrieb Salvatore Bonaccorso:
> Don't worry anymore. It was as well not about all the timeline, I'm
> aware when you did the initial ping, but rather on the "we think it
> needs a change on security tracker and want this information exposed
> ... I want to do the wheezy update next week"-part.
>> +        if is_security_update and support != 'none':
>> +            if support == 'lts':
>> +                email_address = ['debian-lts@lists.debian.org']
>> +            else:
>> +                email_address = ['team@security.debian.org']
>> +            listcc.extend(email_address)
>> +
> I did not had much time recently, so I'm a bit late. I would be nice
> here if that follows as well the intention of the file with the
> support field, that is (beware only "pseudcode"):
> [...]
> if is_security_update and support != 'none':
>     if support == 'lts':
>         email_address = ['debian-lts@lists.debian.org']
>     elif support == 'security"
>         email_address = ['team@security.debian.org']
>     else
>         # nothing at at the moment, no more cases right now
> [...]	
> that is, in case we add another support value (you remember there was
> once testing-security? ;-)) this can be done.
> I realize though you did now already upload the wheezy version, and
> the unstable version as delayed, so guess we will need to leave it
> now.
> Thanks for doing that work, let's see how it goes when we get reports.

Hi Salvatore,

we could also avoid hardcoding the email address in reportbug and then
we would not even need such a logic. The only information I can extract
with reportbug is the release number. That's what we use as the key. The
json file could be extended with any kind of value as long this
information is preserved. At the moment I think our current solution is
"good enough" for now but if you want to change something it can be
achieved anytime. It's not even too late for Sid because the upload is
delayed until 31.12.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: