Re: reportbug: please inform security and lts teams about security update regressions
- To: 878088@bugs.debian.org, apo@debian.org, Debian LTS <debian-lts@lists.debian.org>, "team@security.debian.org" <team@security.debian.org>, geissert@debian.org
- Subject: Re: reportbug: please inform security and lts teams about security update regressions
- From: Guido Günther <agx@sigxcpu.org>
- Date: Sun, 10 Dec 2017 12:59:05 +0100
- Message-id: <[🔎] 20171210115905.GA8714@bogon.m.sigxcpu.org>
- Mail-followup-to: Guido Günther <agx@sigxcpu.org>, 878088@bugs.debian.org, apo@debian.org, Debian LTS <debian-lts@lists.debian.org>, "team@security.debian.org" <team@security.debian.org>, geissert@debian.org
- In-reply-to: <[🔎] 20171210115138.GA19589@eldamar.local>
- References: <687054c7-d52a-786c-a0f2-93985d87d0fe@debian.org> <[🔎] ad8060ab-29df-fed0-5bac-6d3c331731d1@debian.org> <[🔎] 20171210090055.GB30428@eldamar.local> <[🔎] 20171210115138.GA19589@eldamar.local>
Hi,
On Sun, Dec 10, 2017 at 12:51:38PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> On Sun, Dec 10, 2017 at 10:00:55AM +0100, Salvatore Bonaccorso wrote:
> > Hi
> >
> > Cc'ing explicitly Guido and Raphael, who commented before.
> >
> > On Sat, Dec 09, 2017 at 03:25:14PM +0100, Markus Koschany wrote:
> > > Hi,
> > >
> > > I have updated my patch for reportbug. Now emails are sent only to one
> > > of the team mailing lists based on the release number in the version
> > > string. There is apparently no simple way to determine the relationship
> > > between release number, code name, suite and whether this is a LTS
> > > release. So we came up with a simple json file which provides this kind
> > > of information and can be adjusted as time goes by. We think that
> > > security-tracker.debian.org would be a good place for this file but I'd
> > > appreciate it if someone from the security team told us the exact location.
> > >
> > > See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878088#45
> >
> > So let me first understand the information you would need from that
> > file (here in sort-of-yaml):
> >
> > ----cut---------cut---------cut---------cut---------cut---------cut-----
> > wheezy:
> > major-version: 7
> > support: lts
> > jessie:
> > major-version: 8
> > support: security
> > stretch:
> > major-version: 9
> > support: security
> > buster:
> > major-version: 10
> > support: none
> > bullseye:
> > major-version: 11
> > support: none
> > ----cut---------cut---------cut---------cut---------cut---------cut-----
>
> But rather in JSON than YAML. Florian would not recommend using YAML, and
> furthermore it's more consistent with the tracker itself.
>
> ----cut---------cut---------cut---------cut---------cut---------cut-----
> {
> "wheezy": {
> "major-version": "7",
> "support": "lts"
> },
> "jessie": {
> "major-version": "8",
> "support": "security"
> },
> "stretch": {
> "major-version": "9",
> "support": "security"
> },
> "buster": {
> "major-version": "10",
> "support": "none"
> },
> "bullseye": {
> "major-version": "11",
> "support": "none"
> }
> }
> ----cut---------cut---------cut---------cut---------cut---------cut-----
>
> and beeing accessible under https://security-tracker.debian.org/tracker/distributions.json
That makes as lot of sense! (I used YAML in the example for readability,
output of the tracker should be JSON). The main reason why I'd prefer
the tracker is that we can update the file ourselves when switching
releases.
Cheers,
-- Guido
Reply to: