Hi, while looking at the recent changes in data/CVE/list I noticed a bunch of gstreamer issues being added but not showing up in the output produced by lts-cve-triage. Reason was that they're marked as undetermined. The attached patch adds undetermined issues to the output by default. O.k. to apply?
I'll start triaging the most recent ones but I'll likely won't be able to clear the full backlog of 26 issues. Cheers, -- Guido
>From 75772169dd17411ea0aa092e67e295da9fae2cbf Mon Sep 17 00:00:00 2001 Message-Id: <75772169dd17411ea0aa092e67e295da9fae2cbf.1486115624.git....@sigxcpu.org> From: =?UTF-8?q?Guido=20G=C3=BCnther?= <[email protected]> Date: Fri, 3 Feb 2017 10:47:18 +0100 Subject: [PATCH] lts-cve-triage: Don't silently ignore undetermined issues --- bin/lts-cve-triage.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/bin/lts-cve-triage.py b/bin/lts-cve-triage.py index c330920e5..f0f09d191 100755 --- a/bin/lts-cve-triage.py +++ b/bin/lts-cve-triage.py @@ -52,6 +52,9 @@ LIST_NAMES = ( ('possible_easy_fixes', ('Issues from dla-needed.txt that are already fixed in {next_lts}' ).format(**RELEASES)), + ('undetermined', + ('Undetermined issues in {lts}' + ).format(**RELEASES)), ) lists = collections.defaultdict(lambda: collections.defaultdict(lambda: [])) @@ -115,10 +118,13 @@ for pkg in tracker.iterate_packages(): if status_in_next_lts.status == 'resolved': add_to_list('possible_easy_fixes', pkg, issue) - if (status_in_lts.status == 'ignored' and - status_in_lts.reason == 'no-dsa' and - status_in_next_lts.status == 'open'): - add_to_list('unexpected_nodsa', pkg, issue) + if status_in_lts.status == 'ignored': + if (status_in_lts.reason == 'no-dsa' and + status_in_next_lts.status == 'open'): + add_to_list('unexpected_nodsa', pkg, issue) + elif status_in_lts.reason == 'undetermined': + add_to_list('undetermined', pkg, issue) + for key, desc in LIST_NAMES: if args.filter is not None and key not in args.filter: -- 2.11.0
