Re: RFC: rmadison query in review-update-needed script
The functionality looks useful. Should it even be part of lts-cve-triage.py script, or should it be a separate thing? I'm asking since I typically use just the lts-cve-triage.py script when working as front desk. If we should use several scripts maybe we should have a wrapper script around it to ease the work.
Some days ago I claimed tigervnc in dla-needed.txt and began working on
it. Only, after about an hour it dawned on me that tigervnc was not
present in jessie. I went about trying to determine the best way to
ensure that only packages actually in the appropriate suite
(oldoldstable for now for jessie) end up in dla-needed.txt.
After asking on debian-devel regarding API accessibility of
distro-tracker and reviewing the limited options, I came up with a minor
modification to the review-update-needed script that queries rmadison
for information regarding the existence of the packages in
I have done my best to seamlessly integrate with the existing
capabilities of the script and to integrate in such a way that, for
example, the new capability could be easily leveraged by those working
front-desk or even automated by cron to quickly alert of the presence of
packages in dla-needed.txt that are not present in jessie. The
implementation should also work for dsa-needed.txt if that might be
useful to those who maintain that file.
Please have a look at the attached patch and let me know what you think.
If the consensus is that this capability would be useful, I will go
ahead and commit/push the change to the security-tracker repo.
Here is some example output:
roberto@build01:~/src/security-tracker.git (master *=)$ ./bin/review-update-needed --lts --exist-in oldoldstable | tail
Claimed-By: Thorsten Alteholz
Claimed-Date: 2020-01-26 21:47
Last-Update: 2020-01-27 11:16
Unclaimed-Since: 2020-01-27 15:53
Roberto C. Sánchez
--- Inguza Technology AB --- MSc in Information Technology ----