OoO At the end of this sleepless night of Sunday, 09 March 2008, around 05:49,
Florian Weimer <[EMAIL PROTECTED]> said:
>> I think that this "inferiority" should be changed to equality in terms
>> of security. I suppose that __cmp__() in Version class could return 0
>> when all the following conditions are met:
>> - upstream versions are equal
>> - debian versions of the package without r'~.*$' pattern are equal
>> Otherwise, we just return the VersionCompare() result.
> This doesn't work because "~" isn't really that special. It's used by
> maintainers as well, not just backports and testing-security.
> Sorry, but the fix is more complex, and I'm not 100% sure what it would
> look like. It probably has to happen on the server side anyway.
Here is another proposition: we allow the user to apply a regexp that
will be stripped from the version. If debsecan is called with:
--strip-version '~bpo.\d+$'
then backports versions will be compared against their testing/unstable
counterparts.
--- /usr/bin/debsecan 2007-09-02 18:14:42.000000000 +0200
+++ debsecan 2008-03-15 21:27:17.000000000 +0100
@@ -308,6 +308,8 @@
help="display entries on the whitelist")
parser.add_option("--update-config", action="store_true",
dest="update_config", help=None)
+ parser.add_option("--strip-version",
+ help="strip the given regexp from version")
(options, args) = parser.parse_args()
def process_whitelist_options():
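Review bot: The help string on the new --strip-version option does not tell the user that the regexp is removed from both the installed version and the source version before the vulnerability comparison, so a pattern that is too broad can change which packages are reported. Please add metavar="REGEXP", say in the help text that the pattern should be anchored (for example with a trailing $), and document the option in the manual page alongside the other options.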
@@ -1229,6 +1231,10 @@
re_source = re.compile\
(r'^([a-zA-Z0-9.+-]+)(?:\s+\((\S+)\))?$')
formatter = formatters[options.format](target, options, history)
+ if options.strip_version:
+ strip_version = re.compile(options.strip_version)
+ else:
+ strip_version = None
for pkg in packages:
pkg_name = None
pkg_status = None
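Review bot: The re.compile(options.strip_version) call has no error handling, so a malformed pattern on the command line ends in a raw re.error traceback in the middle of the run. Compile the pattern right after parser.parse_args() and report a bad value with parser.error(), so that the failure is a clear usage message and nothing is scanned with a half-validated option.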
@@ -1267,6 +1273,9 @@
pkg_source_version = pkg_version
if not pkg_source:
pkg_source = pkg_name
+ if strip_version:
+ pkg_source_version = strip_version.sub('', pkg_source_version)
+ pkg_version = strip_version.sub('', pkg_version)
try:
pkg_version = Version(pkg_version)
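Review bot: strip_version.sub('', ...) removes every match anywhere in the string, not only a trailing suffix, and the result goes straight into Version(pkg_version) with no check that anything sensible is left. An unanchored or greedy pattern can turn a version into an empty string or into a different, higher-looking version, which would hide a vulnerable package from the report. Consider rejecting an empty result and keeping the original string in a separate variable, since pkg_version is overwritten here and any later use of it sees only the stripped form.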
--
BOFH excuse #360:
Your parity check is overdrawn and you're out of cache.