[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: rmadison query in review-update-needed script


The functionality looks useful. Should it even be part of lts-cve-triage.py script, or should it be a separate thing? I'm asking since I typically use just the lts-cve-triage.py script when working as front desk. If we should use several scripts maybe we should have a wrapper script around it to ease the work.

// Ola

On Mon, 27 Jan 2020 at 17:02, Roberto C. Sánchez <roberto@debian.org> wrote:
Hello all,

Some days ago I claimed tigervnc in dla-needed.txt and began working on
it.  Only, after about an hour it dawned on me that tigervnc was not
present in jessie.  I went about trying to determine the best way to
ensure that only packages actually in the appropriate suite
(oldoldstable for now for jessie) end up in dla-needed.txt.

After asking on debian-devel regarding API accessibility of
distro-tracker and reviewing the limited options, I came up with a minor
modification to the review-update-needed script that queries rmadison
for information regarding the existence of the packages in

I have done my best to seamlessly integrate with the existing
capabilities of the script and to integrate in such a way that, for
example, the new capability could be easily leveraged by those working
front-desk or even automated by cron to quickly alert of the presence of
packages in dla-needed.txt that are not present in jessie.  The
implementation should also work for dsa-needed.txt if that might be
useful to those who maintain that file.

Please have a look at the attached patch and let me know what you think.
If the consensus is that this capability would be useful, I will go
ahead and commit/push the change to the security-tracker repo.

Here is some example output:

roberto@build01:~/src/security-tracker.git (master *=)$ ./bin/review-update-needed --lts --exist-in oldoldstable | tail

Package: iperf3
Claimed-By: Thorsten Alteholz
Claimed-Date: 2020-01-26 21:47
Last-Update: 2020-01-27 11:16

Package: tigervnc
Missing-From: oldoldstable
Unclaimed-Since: 2020-01-27 15:53



Roberto C. Sánchez

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: