Hello Sandro, Am 29.12.2017 um 02:27 schrieb Sandro Tosi: > Hello everyone, > let me first apologize for the long time with no input from the > reportbug maints. Yes, we were eagerly interested in your comments for this feature but had to move forward. > i had a look a the patch and.. i'm not really happy :( it looks like > the version format is the same for both security updates and stable > updates: this means for every bug report (on a stable release against > an updated package) the user will get a prompt if this is a regression > due to a security update, and they may have no clue because all they > did is dist-upgrading. Unfortunately there is no way to differentiate between a security update and a regular stable update. Stable updates can also include security fixes which did not warrant a security announcement. The only way to limit the amount of false notifications to both team mailing lists was to create a prompt and to ask the user whether this is a security update regression. If there is a better way to deal with this problem we should do that. > i'm not super-excited about making a synchronous call to > distributions.json but let's say i can live with that (did you try > your patch with the -O/--offline mode?) No, I did not try the patch with the --offline flag because we assumed internet access due to distributions.json. > is there a way s-t.d.o can get > queried at the same time to know if the current package/version comes > from the secteam/lts or is coming from the pkg maintainer as a normal > stable update? I am not aware of a method to retrieve this information. Like I said stable updates can also include security updates and the only way to determine whether something is a stable/security update is to parse the package version string. There is no differentiation at the moment. Regards, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature