Package: reportbug Version: 7.1.7 Severity: wishlist Tags: patch
Hi, the Debian LTS Team and the Debian Security Team would like to propose a new feature for reportbug. We discussed this at DebConf 17 during the LTS BoF and shortly on debian-lts [1] that it would make sense to inform both teams about regressions introduced by security updates. We usually receive word from the maintainer or users who report issues directly to our mailing lists or IRC channels. However we have also discovered that some regressions were never reported to us. Hence we propose the following feature for reportbug: If the bug is reported against a package with a version number that indicates a security update like +deb7u1 or ~deb8u3, both team mailing lists should be added to CC after the bug reporter confirms that this is a regression caused by a security update. The confirmation check is necessary to prevent too many false positives since similar version strings are used for regular stable updates. However the default is true because it is better to receive one e-mail too many as to miss the regression. Of course this could be changed if it turns out that we receive too many unwarranted reports. Please find attached my proposed patch. Regards, Markus [1] https://lists.debian.org/debian-lts/2017/08/msg00034.html
diff -Nru reportbug-7.1.7/bin/reportbug reportbug-7.1.7+nmu1/bin/reportbug --- reportbug-7.1.7/bin/reportbug 2017-05-29 22:00:17.000000000 +0200 +++ reportbug-7.1.7+nmu1/bin/reportbug 2017-10-09 01:26:16.000000000 +0200 @@ -1926,6 +1926,22 @@ listcc += ui.get_multiline( 'Enter any additional addresses this report should be sent to; press ENTER after each address.') + # If the bug is reported against a package with a version that + # indicates a security update add the security and lts teams to CC + # after user confirmation + is_security_update = False + if pkgversion: + regex = re.compile('(\+|~)deb\d+u\d+') + if regex.search(pkgversion): + if ui.yes_no('Do you want to report a regression because of a security update? ', + 'Yes, please inform the LTS and security teams.', + 'No or I am not sure.', True): + is_security_update = True + + if is_security_update: + email_address = ['debian-...@lists.debian.org','t...@security.debian.org'] + listcc.extend(email_address) + if severity and rtype: severity = debbugs.convert_severity(severity, rtype)
_______________________________________________ Reportbug-maint mailing list Reportbug-maint@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reportbug-maint