Bug#931533: security-tracker: Fetch Sources.xz/Packages.xz when available instead of Sources.gz/Packages.gz

[Salvatore Bonaccorso <carnil@debian.org>]

Package: security-tracker
Severity: important
Control: affects -1 + ftp.debian.org

Starting with the buster release for the *-security and *-backports
suites there are no Sources.gz and Packages.gz available in 

http://security.debian.org/debian-security/dists/buster/updates/main/source/
http://security.debian.org/debian-security/dists/bullseye-security/main/source/

But security-tracker is hardcoding fetching the respective gz files in
lib/python/debian_support.py via:

288 def downloadGunzipLines(remote):
289     """Downloads a file from a remote location and gunzips it.
290
291     Returns the lines in the file."""
292
293     data = urllib2.urlopen(remote, timeout=TIMEOUT)
294     try:
295         gfile = gzip.GzipFile(fileobj=StringIO(data.read()))
296         try:
297             return gfile.readlines()
298         finally:
299             gfile.close()
300     finally:
301         data.close()
302
303 def downloadFile(remote, local):
304     """Copies a gzipped remote file to the local system.
305
306     remote - URL, without the .gz suffix
307     local - name of the local file
308     """
309
310     lines = downloadGunzipLines(remote + '.gz')
311     replaceFile(lines, local)
312     return lines

This should be more flexible, depending on what is available (possibly
doing similar as apt-file).

For now ftp-master kindly re-enabled generation of *.gz files as well
for the security archive for buster and bullseye-security (not for
*-backports, which has been disabled temporarily via
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02cd33cd782c84e3e06631bb609e1b480da8bcd1).

Regards,
Salvatore