Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-10-10 Thread Jeremiah C. Foster 




On 10/9/21 4:04 PM, Holger Levsen wrote:

On Sat, Oct 09, 2021 at 10:33:47AM +0200, Sylvain Beucler wrote:

This would be the ELTS (not LTS) repo at
https://salsa.debian.org/freexian-team/extended-lts/security-tracker/.

See the ELTS README at gitlab.com:freexian-lts/extended-lts

[...]

See
https://wiki.debian.org/LTS/Development#Prepare_an_update_for_the_website


Thanks, Sylvain! :)


Yes, thank you both. The naming is clear to me now and I have the repos 
here on disk.


Cheers,

Jeremiah

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-10-09 Thread Holger Levsen 
On Sat, Oct 09, 2021 at 10:33:47AM +0200, Sylvain Beucler wrote:
> This would be the ELTS (not LTS) repo at
> https://salsa.debian.org/freexian-team/extended-lts/security-tracker/.
> 
> See the ELTS README at gitlab.com:freexian-lts/extended-lts
[...]
> See
> https://wiki.debian.org/LTS/Development#Prepare_an_update_for_the_website

Thanks, Sylvain! :)

(and sorry for having been busy with other stuff. I shall reply timely again
now.)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Today, over 800 women will have died due to preventable pregnancy and birth
complications, over 130 due to femicide. 
https://www.who.int/news-room/fact-sheets/detail/maternal-mortality
https://en.wikipedia.org/wiki/Femicide#Worldwide


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-10-08 Thread Jeremiah C. Foster 



On 9/28/21 12:46 PM, Holger Levsen wrote:

Hi Jeremiah,

On Mon, Sep 06, 2021 at 08:57:04PM -0400, Jeremiah C. Foster wrote:

(Jeremiah, shall I explain how to gather this data?)


so there are three very simple scripts involved, which are attached and which
I used to run every Monday and then I massaged them into one email, where I 
basically
just resend the same but edited mail every week.

These scripts expect that you have clones of the security-tracker.git repo as 
well
as the extented-security-tracker.git repo and the webwml.git repo checked out in
these directories:
  ~/Projects/security-tracker
  ~/Projects/extended-security-tracker
  ~/Projects/debian-www/webwml


As I mentioned in another email that I didn't send to the list, I'm not 
sure I have access to all of these git repos. I do have to 
security-tracker but I cannot find extended-security-tracker in Salsa or 
Gitlab. As for webwml, is that this 
https://salsa.debian.org/webmaster-team/webwml/ ?



I didn't sent that mail yesterday as I planned to send these instructions 
instead.
if you have any further questions, please ask.


I'm attaching some output for the run of lts-unclaim-packages for anyone 
to review. It doesn't look like the emails you sent, perhaps you edit 
this info into the email? If so, how?


Cheers,

Jeremiah
commit f2d8e8d18be206d84d34ff69936aa7c1a100b25d
Author: Jeremiah C. Foster 
Date:   Fri Oct 8 19:46:05 2021 -0400

semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Jeremiah C. Foster 

diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 7522a88c8d..3060d4916a 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -18,12 +18,12 @@ amd64-microcode
   NOTE: 20210831: https://lists.debian.org/debian-lts/2021/08/msg00033.html
   NOTE: 20210831: needs to be fixed (Beuc)
 --
-ansible (Lee Garrett)
+ansible
   NOTE: 20210411: As discussed with the maintainer I will update Buster first 
and
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
-cacti (Roberto C. Sánchez)
+cacti
   NOTE: 20210829: not really sure whether affected, please recheck
   NOTE: 20210914: still assessing whether or not affected (roberto)
 --
@@ -34,11 +34,11 @@ debian-archive-keyring (Utkarsh)
   NOTE: 20211003: seemed to have expired and the build is thus
   NOTE: 20211003: failing. Or at least appears to be. :( (utkarsh)
 --
-exiv2 (Thorsten Alteholz)
+exiv2
 --
-faad2 (Thorsten Alteholz)
+faad2
 --
-ffmpeg (Anton Gladky)
+ffmpeg
   NOTE: probably wait until stuff is fixed in Buster
 --
 firefox-esr (Emilio)
@@ -50,7 +50,7 @@ firmware-nonfree
 hiredis (Chris Lamb)
   NOTE: 20211006: Fixed in sid and experimental. (lamby)
 --
-jsoup (Markus Koschany)
+jsoup
 --
 linux (Ben Hutchings)
 --
@@ -62,9 +62,9 @@ mosquitto
   NOTE: 20210805: coordinating upload to buster before DLA for Stretch 
(codehelp)
   NOTE: 20210806: CVE-2021-34432 ignored in buster and stretch. Vulnerable 
code not accessible. (codehelp)
 --
-nghttp2 (Anton Gladky)
+nghttp2
 --
-ntfs-3g (Abhijith PA)
+ntfs-3g
 --
 nvidia-graphics-drivers
   NOTE: package is in non-free but also in packages-to-support
@@ -114,7 +114,7 @@ smarty3
   NOTE: 20210829: Track regression (abhijith)
   NOTE: 20210906: prepared a build for testing. Waiting for bug submitter's 
reply (abhijith)
 --
-squashfs-tools (Thorsten Alteholz)
+squashfs-tools
   NOTE: 20210926: coordinate with upload to other releases
 --
 thunderbird (Emilio)

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-09-28 Thread Holger Levsen 
Hi Jeremiah,

On Mon, Sep 06, 2021 at 08:57:04PM -0400, Jeremiah C. Foster wrote:
> > (Jeremiah, shall I explain how to gather this data?)

so there are three very simple scripts involved, which are attached and which
I used to run every Monday and then I massaged them into one email, where I 
basically
just resend the same but edited mail every week.

These scripts expect that you have clones of the security-tracker.git repo as 
well
as the extented-security-tracker.git repo and the webwml.git repo checked out in
these directories:
 ~/Projects/security-tracker
 ~/Projects/extended-security-tracker
 ~/Projects/debian-www/webwml 

I didn't sent that mail yesterday as I planned to send these instructions 
instead.
if you have any further questions, please ask.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

„Guten Tag, ich rufe Sie an, um Ihnen mitzuteilen, dass Ihre Tochter seit
geraumer Zeit die schulischen Abläufe erheblich stört.“ - „Entschuldigen Sie,
meine Tochter ist 54 und Ministerin für Schule und Bildung in NRW.“ - „Gut,
dann wissen Sie also, von wem ich rede.“- Germany, early 2021
#!/bin/sh
# WTF licenced, copyright 2019 Holger Levsen

_unclaim(){
TARGET=$1
DIR=$2
figlet $TARGET
cd $DIR
git status
git pull
git status
./bin/review-update-needed --$TARGET --unclaim 1209600 --exclude linux 
linux-4.9 linux-4.19 xen
git commit -a -s -m 'semi-automatic unclaim after 2 weeks of inactivity'
git log -p -1
echo
echo "Don't forget to push..."
echo
git status
bash
}

unclaim_lts(){
_unclaim lts ~/Projects/security-tracker
}

unclaim_elts(){
_unclaim elts ~/Projects/extended-security-tracker
}

if [ -z "$1" ] ; then
xterm -e "$0 unclaim_lts" &
xterm -e "$0 unclaim_elts" &
else
$1
fi


#!/bin/bash

# WTF licenced, copyright 2020-2021 Holger Levsen

TRESHOLD=4

cd ~/Projects/security-tracker
git pull
echo

DLANEEDED=~/Projects/security-tracker/data/dla-needed.txt 
TMPFILE=$(mktemp)
egrep '^[A-Za-z0-9]+\ \(.*\)'  $DLANEEDED | cut -d ' ' -f2-| sort | tr -d 
'('|tr -d ')' | sort -u > $TMPFILE
WARNING=$(mktemp)

echo "Current number of package claims in LTS:"
echo ""
( while IFS= read -r  LINE ; do
HITS=$(grep -v '^ ' $DLANEEDED | grep -c "$LINE")
PACKAGES=$(grep -v '^ ' $DLANEEDED | grep "$LINE" | cut -d ' ' -f1 | 
xargs echo)
echo "$HITS: $LINE"
if [ $HITS -ge $TRESHOLD ] ; then
echo "Warning: $LINE probably claimed too many: $HITS packages: 
$PACKAGES" >> $WARNING
fi 
 done < $TMPFILE ) |sort -nr

echo
if [ -s $WARNING ] ; then
cat $WARNING | sort
else
echo "Nice, noone claimed $TRESHOLD packages or more."
fi
echo

rm $TMPFILE $WARNING
#!/bin/bash

# WTF licenced, copyright 2020 Holger Levsen

cd ~/Projects/security-tracker
git pull
cd ~/Projects/debian-www/webwml 
git pull
./english/security/find-missing-advisories --mode DLA --tracker 
../../security-tracker/ 2>&1



signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-09-06 Thread Jeremiah C. Foster 




On 9/6/21 5:31 AM, Holger Levsen wrote:

hi,

today one package was unclaimed for LTS:
- mupdf (codehelp)

and none for ELTS. Also noone claimed 4 packages or more.

Two DLAs which already have been reserved have not yet been published:
- DLA 2754-1 (04 Sep 2021) (pywps)
- DLA 2717-2 (27 Aug 2021) (redis)

(Jeremiah, shall I explain how to gather this data?)


Yes please! :-)

Cheers,

Jeremiah

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-09-06 Thread Chris Lamb 
Holger Levsen wrote:

> Two DLAs which already have been reserved have not yet been published:
[..]
> - DLA 2717-2 (27 Aug 2021) (redis)

Thanks for the reminder. This change has now been committed and will
be available on the website after the next run.


Regards,

--
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Re: always check and update (d|e)la-needed.txt (Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do))

2021-08-09 Thread Emilio Pozuelo Monfort 

Roberto C. Sánchez wrote:

On this past Friday, Raphaël put me in touch with Thorsten Glaser, who
had already prepared openjdk-8 package for jessie and stretch.  I
reviewed and sponsored the upload, and the packages were literally in
the process of uploading when I saw this message.  I will publish the
advisories in a few hours, after all the binary packages are built.


Oops, this explains the REJECTs I got :)


I know I will be extra careful going forward.  This especially as in the
past I have been quick to become frustrated at others' mistakes.  I
appreciate the patience you and Emilio have shown toward me.  It is very
much appreciated.


Np, we all make mistakes.

Cheers,
Emilio

Re: always check and update (d|e)la-needed.txt (Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do))

2021-08-09 Thread Roberto C . Sánchez 
On Mon, Aug 09, 2021 at 10:52:00AM +, Holger Levsen wrote:
> Hi Roberto,
> 
> On Mon, Aug 09, 2021 at 06:38:15AM -0400, Roberto C. Sánchez wrote:
> > It was completely my fault.  [...]
> 
> Mistakes happen, thank you for owning yours!
> 
> >  The update to dla-needed.txt
> > and ela-needed.txt did not even cross my mind. 
> 
> Mistakes happen. I'm just emphasizing "the wrongdoing" so everybody
> learns and in future updating (d|e)la-ndeed.txt will be forgotten
> less often! :)
> 
I know I will be extra careful going forward.  This especially as in the
past I have been quick to become frustrated at others' mistakes.  I
appreciate the patience you and Emilio have shown toward me.  It is very
much appreciated.

Regards,

-Roberto

-- 
Roberto C. Sánchez

always check and update (d|e)la-needed.txt (Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do))

2021-08-09 Thread Holger Levsen 
Hi Roberto,

On Mon, Aug 09, 2021 at 06:38:15AM -0400, Roberto C. Sánchez wrote:
> It was completely my fault.  [...]

Mistakes happen, thank you for owning yours!

>  The update to dla-needed.txt
> and ela-needed.txt did not even cross my mind. 

Mistakes happen. I'm just emphasizing "the wrongdoing" so everybody
learns and in future updating (d|e)la-ndeed.txt will be forgotten
less often! :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The planet will be fine. We won't.


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-08-09 Thread Markus Koschany 
Am Montag, dem 09.08.2021 um 06:38 -0400 schrieb Roberto C. Sánchez:
[...]
> 
> It was completely my fault.  According to Raphaël and Thorsten, Markus
> was not responding to emails.  I assumed that because Raphaël requested
> someone get in touch with Thorsten, that I should simply contact
> Thorsten, review the packages, and upload.  The update to dla-needed.txt
> and ela-needed.txt did not even cross my mind.  My apologies if I have
> over-stepped or caused problems with my oversight.

Emilio has been taking care of openjdk-8 for several months now. You probably
confused the two of us. Nobody contacted me in regard to openjdk-8.

Regards,

Markus


signature.asc
Description: This is a digitally signed message part

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-08-09 Thread Roberto C . Sánchez 
On Mon, Aug 09, 2021 at 10:32:54AM +, Holger Levsen wrote:
> On Mon, Aug 09, 2021 at 06:20:43AM -0400, Roberto C. Sánchez wrote:
> > On Mon, Aug 09, 2021 at 08:43:34AM +, Holger Levsen wrote:
> > > today three packages were unclaimed for LTS:
> > > - openjdk-8 (Emilio)
> > > 
> > > and three for ELTS:
> > > - openjdk-8 (Emilio)
> 
> > On this past Friday, Raphaël put me in touch with Thorsten Glaser, who
> > had already prepared openjdk-8 package for jessie and stretch.  I
> > reviewed and sponsored the upload, and the packages were literally in
> > the process of uploading when I saw this message.  I will publish the
> > advisories in a few hours, after all the binary packages are built.
> 
> I'm surprised you (nor anyone else) updated dla-needed.txt in the process.
> any idea why not?
> 
It was completely my fault.  According to Raphaël and Thorsten, Markus
was not responding to emails.  I assumed that because Raphaël requested
someone get in touch with Thorsten, that I should simply contact
Thorsten, review the packages, and upload.  The update to dla-needed.txt
and ela-needed.txt did not even cross my mind.  My apologies if I have
over-stepped or caused problems with my oversight.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-08-09 Thread Holger Levsen 
On Mon, Aug 09, 2021 at 10:32:54AM +, Holger Levsen wrote:
> On Mon, Aug 09, 2021 at 06:20:43AM -0400, Roberto C. Sánchez wrote:
> > On Mon, Aug 09, 2021 at 08:43:34AM +, Holger Levsen wrote:
> > > today three packages were unclaimed for LTS:
> > > - openjdk-8 (Emilio)
> > > 
> > > and three for ELTS:
> > > - openjdk-8 (Emilio)
> 
> > On this past Friday, Raphaël put me in touch with Thorsten Glaser, who
> > had already prepared openjdk-8 package for jessie and stretch.  I
> > reviewed and sponsored the upload, and the packages were literally in
> > the process of uploading when I saw this message.  I will publish the
> > advisories in a few hours, after all the binary packages are built.
> I'm surprised you (nor anyone else) updated dla-needed.txt in the process.

this also lead to more work wasted now: Markus just claimed openjdk-8
for stretch...


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If you own several guns but no guitars, you are doing life all wrong.


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-08-09 Thread Holger Levsen 
On Mon, Aug 09, 2021 at 06:20:43AM -0400, Roberto C. Sánchez wrote:
> On Mon, Aug 09, 2021 at 08:43:34AM +, Holger Levsen wrote:
> > today three packages were unclaimed for LTS:
> > - openjdk-8 (Emilio)
> > 
> > and three for ELTS:
> > - openjdk-8 (Emilio)

> On this past Friday, Raphaël put me in touch with Thorsten Glaser, who
> had already prepared openjdk-8 package for jessie and stretch.  I
> reviewed and sponsored the upload, and the packages were literally in
> the process of uploading when I saw this message.  I will publish the
> advisories in a few hours, after all the binary packages are built.

I'm surprised you (nor anyone else) updated dla-needed.txt in the process.
any idea why not?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes... (Greta Thunberg)


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-08-09 Thread Roberto C . Sánchez 
On Mon, Aug 09, 2021 at 08:43:34AM +, Holger Levsen wrote:
> hi,
> 
> today three packages were unclaimed for LTS:
> - nettle (Emilio)
> - openjdk-8 (Emilio)
> - pillow (codehelp)
> 
> and three for ELTS:
> - nettle (Emilio)
> - openjdk-7 (Emilio)
> - openjdk-8 (Emilio)
> 
> Utkarsh probably claimed too many packages: 
> - amd64-microcode
> - exiv2
> - ruby2.3
> - usermode
> 

On this past Friday, Raphaël put me in touch with Thorsten Glaser, who
had already prepared openjdk-8 package for jessie and stretch.  I
reviewed and sponsored the upload, and the packages were literally in
the process of uploading when I saw this message.  I will publish the
advisories in a few hours, after all the binary packages are built.

Regards,

-Roberto


-- 
Roberto C. Sánchez

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-07-19 Thread Holger Levsen 
hi,

if you reclaim packages which were unclaimed after 2 weeks of inactivity,
please update the notes *properly*. Updating the date of a note entry stating
'WIP' is not helpful for anyone wanting to contribute, especially if it's 
WIP for two months or similar.

Also if it's WIP for weeks it might very well be sensible to spend 15min
updating the notes and bill that work, so please do.

(This is a general comment even though it was triggered by two actual commits.
I have almost zero desire to discuss the specific cases here, I just wanted to
make the general statement "please update the notes properly".)

Also, if you're waiting for weeks for a reply from upstream, state so, and
repeat yourself ("20210719 still waiting for reply from upstream") and better 
yet,
ping them, after two weeks thats fine for security issues I'd say.
"20210719 still waiting for reply from upstream, so pinged them again, <$MSGID>"

Thanks.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

It's the end of the world as we know it - and I feel fine.


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-06-14 Thread Holger Levsen 
On Mon, Jun 14, 2021 at 09:51:44AM +0100, Chris Lamb wrote:
> Ah. I can see forgot to make sure it actually ended up on the website.
> I've merged the commit from my fork of the webwml.git repository and
> it should appear on the website in due course. Thanks for the
> pointers.

thanks for fixing this, Chris!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Dat gifft in Plattdüütschen keen Woort för „Flüchtlinge”. Dat sünd allens Lüüd, 
Mischen, Kinners, Olle, Froons, Mannslüüd, so as Du un Ick.


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-06-14 Thread Chris Lamb 
Hey,

> > The script checks:
> > https://salsa.debian.org/webmaster-team/webwml/-/tree/master/english/lts/security/2021
> > Maybe you forgot to git-push there?
>
> https://www.debian.org/lts/security/ also does not show it.

Ah. I can see forgot to make sure it actually ended up on the website.
I've merged the commit from my fork of the webwml.git repository and
it should appear on the website in due course. Thanks for the
pointers.


Regards,

--
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-06-14 Thread Holger Levsen 
Hi,

On Mon, Jun 14, 2021 at 09:20:45AM +0200, Sylvain Beucler wrote:
> The script checks:
> https://salsa.debian.org/webmaster-team/webwml/-/tree/master/english/lts/security/2021
> Maybe you forgot to git-push there?

https://www.debian.org/lts/security/ also does not show it.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-06-14 Thread Sylvain Beucler 

Hi Chris,

The script checks:
https://salsa.debian.org/webmaster-team/webwml/-/tree/master/english/lts/security/2021

Maybe you forgot to git-push there?

- Sylvain

On 14/06/2021 09:08, Chris Lamb wrote:

Hi Holger,


Just three DLAs have been reserved and haven't been published yet:


Thanks for these. However, I think this is a false positive:


- DLA 2676-1 (05 Jun 2021) (python-django)


This, I believe, has been published:

   https://lists.debian.org/debian-lts-announce/2021/06/msg4.html

   data/DLA/list:
   [05 Jun 2021] DLA-2676-1 python-django - security update
{CVE-2021-33203 CVE-2021-33571}
[stretch] - python-django 1:1.10.7-2+deb9u14

   $ rmadison python-django --url=udd --suite=stretch-security
   python-django | 1:1.10.7-2+deb9u14 | stretch-security | source, all
   $

Am I missing something?


Best wishes,

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-06-14 Thread Chris Lamb 
Hi Holger,

> Just three DLAs have been reserved and haven't been published yet:

Thanks for these. However, I think this is a false positive:

> - DLA 2676-1 (05 Jun 2021) (python-django)

This, I believe, has been published:

  https://lists.debian.org/debian-lts-announce/2021/06/msg4.html

  data/DLA/list:
  [05 Jun 2021] DLA-2676-1 python-django - security update
{CVE-2021-33203 CVE-2021-33571}
[stretch] - python-django 1:1.10.7-2+deb9u14

  $ rmadison python-django --url=udd --suite=stretch-security
  python-django | 1:1.10.7-2+deb9u14 | stretch-security | source, all
  $ 

Am I missing something?


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-05-24 Thread Utkarsh Gupta 
Hello,

On Tue, May 25, 2021 at 2:23 AM Lynoure Braakman  wrote:
> No one claimed more than 4 packages. Utkarsh claimed 4 packages, but
> having mrxvt, rxvt and uxvt-unicode claimed by different people wouldn't
> make very much sense, so no problem there.

Yep, all 4 packages are affected by the same CVE.


- u

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-05-04 Thread Emilio Pozuelo Monfort 

Hi,

On 03/05/2021 16:40, Lynoure Braakman wrote:

Following DLAs have been reserved and haven't been published yet:
DLA 2637-1 (23 Apr 2021) (drupal7)
DLA 2610-1 (29 Mar 2021) (linux-4.19)


As FD, I have added these to the website (the other two were already done).

Cheers,
Emilio

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-04-26 Thread Lynoure Braakman 
On Monday 26 April 2021 17:39:01 CEST Lynoure Braakman wrote:

> Four DLAs have been reserved and haven't been published yet:
>  DLA 2637-1 (23 Apr 2021)  (drupal7)
>  DLA 2636-1 (23 Apr 2021) (pjproject)
>  DLA 2629-1 (18 Apr 2021) (libebml)
>  DLA 2628-1 (17 Apr 2021) (python2.7)
>  DLA 2618-2 (16 Apr 2021) (smarty3)
>  DLA 2610-1 (29 Mar 2021) (linux-4.19)

All you can count, and I don't always remember to edit the things I copy 
paste, so:

s/Four/Following/


-- 
Lynoure Braakman

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-04-12 Thread Utkarsh Gupta 
Hello,

On Tue, Apr 13, 2021 at 1:43 AM Holger Levsen  wrote:
> well, yes, but it was caught by the script I'm running each week?!?

I am actually not sure what to reply because all I wanted to convey is
that this was left unpublished and no one's at fault here, really.
Someone had to notice and fix that, which is done :)


- u

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-04-12 Thread Holger Levsen 
hi,

dropping the elts list..

On Tue, Apr 13, 2021 at 12:41:27AM +0530, Utkarsh Gupta wrote:
> I am not sure. This is a rare example of how a website update could go
> missing since this update was done entirely by another DD without
> anyone's help or coordination and might've missed the publishing to
> the website part.

well, yes, but it was caught by the script I'm running each week?!?
 

-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

If you upload your address book to "the cloud", I don't want to be in it.


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-04-12 Thread Utkarsh Gupta 
Hello,

On Tue, Apr 13, 2021 at 12:26 AM Holger Levsen  wrote:
> On Tue, Apr 13, 2021 at 12:04:44AM +0530, Utkarsh Gupta wrote:
> > > Twos DLAs have been reserved and haven't been published yet:
> > > - DLA 2613-1 (31 Mar 2021) (underscore)
> > This was issued by Yadd (the regular maintainer/team member of the JS
> > team) and hence was missing the website update. I've now published
> > that on his behalf via 020b540c.
>
> yay, thanks! & also, I don't really care as long as it's fixed in a timely
> manner, and after my first reminder is definitly still soon enough.
>
> So, IOW, thanks and no need to explain if there is just some little slag.
> :)
>
> (But please do share if you think that's helpful and eg. is something
> which could be improved etc...)

I am not sure. This is a rare example of how a website update could go
missing since this update was done entirely by another DD without
anyone's help or coordination and might've missed the publishing to
the website part.

I happened to remember this package name and re-called that nobody
from the LTS team worked on this and so I just went ahead and pushed
the missing piece.


- u

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-04-12 Thread Holger Levsen 
Hi Utkarsh,

On Tue, Apr 13, 2021 at 12:04:44AM +0530, Utkarsh Gupta wrote:
> > Twos DLAs have been reserved and haven't been published yet:
> > - DLA 2613-1 (31 Mar 2021) (underscore)
> This was issued by Yadd (the regular maintainer/team member of the JS
> team) and hence was missing the website update. I've now published
> that on his behalf via 020b540c.

yay, thanks! & also, I don't really care as long as it's fixed in a timely
manner, and after my first reminder is definitly still soon enough.

So, IOW, thanks and no need to explain if there is just some little slag.
:)

(But please do share if you think that's helpful and eg. is something
which could be improved etc...)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

The corona crisis is peanuts compared to the global climate disaster.


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-04-12 Thread Utkarsh Gupta 
Hi Holger,

On Mon, Apr 12, 2021 at 5:29 PM Holger Levsen  wrote:
> Twos DLAs have been reserved and haven't been published yet:
> - DLA 2613-1 (31 Mar 2021) (underscore)

This was issued by Yadd (the regular maintainer/team member of the JS
team) and hence was missing the website update. I've now published
that on his behalf via 020b540c.


- u

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2021-02-01 Thread Roberto C . Sánchez 
On Mon, Feb 01, 2021 at 11:32:13AM +, Holger Levsen wrote:
> 
> One DLA has been reserved but not yet been published:
> - DLA 2537-1 (31 Jan 2021) (ffmpeg)
> 
It looks like this was just merged/published.

> Have a great week!
> 
You too!

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-11-23 Thread Holger Levsen 
On Mon, Nov 23, 2020 at 08:08:55AM +, Holger Levsen wrote:
> There are two DLAs which have been reserved but not yet been published:
> - DLA 2463-1 (22 Nov 2020) (samba)
> - DLA 2379-3 (21 Nov 2020) (mediawiki)

I've just merged those debian-www MRs so these DLAs should be on the website
any minute.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-11-19 Thread Brian May 
Abhijith PA  writes:

> Also my issue is cleared and jupyter-notebook *accepted* . I hope
> golang-github-ncw-rclone-dev cleared too.

Yes, the two packages of mine that were waiting now got in.
-- 
Brian May

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-11-18 Thread Abhijith PA 
Hello Brian,

On 17/11/20 2:14 am, Brian May wrote:
> Abhijith PA  writes:
> 
>> I generated DLA for jupyter-notebook just before upload. But upload was
>> rejected due to `Built-Using refers to non-existing source package`. I have
>> pinged ftp masters couple of times to manually move needed packages to
>> security-master. If any ftp masters here, please help.
> 
> I have a similar issue. I opened up a bug report:
> 
> https://bugs.debian.org/974877
> 
> I suggest you do they same. At least with the bug report there is a
> formal public record of the pending request.

Thanks for the suggestion. I filed bug report(#974954) two days ago.

Also my issue is cleared and jupyter-notebook *accepted* . I hope
golang-github-ncw-rclone-dev cleared too.

--abhijith

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-11-16 Thread Brian May 
Abhijith PA  writes:

> I generated DLA for jupyter-notebook just before upload. But upload was
> rejected due to `Built-Using refers to non-existing source package`. I have
> pinged ftp masters couple of times to manually move needed packages to
> security-master. If any ftp masters here, please help.

I have a similar issue. I opened up a bug report:

https://bugs.debian.org/974877

I suggest you do they same. At least with the bug report there is a
formal public record of the pending request.
-- 
Brian May

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-11-16 Thread Holger Levsen 
On Mon, Nov 16, 2020 at 12:36:23PM +0100, Emilio Pozuelo Monfort wrote:
> These used to include the DLA number. Maybe those could be back?
 
copy error on my side, sorry.

- DLA 2446-1 (10 Nov 2020) (moin)
- DLA 2432-1 (04 Nov 2020) (jupyter-notebook)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

Dance like no one's watching. Encrypt like everyone is.


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-11-16 Thread Abhijith PA 
Hi,

On 16/11/20 5:06 pm, Emilio Pozuelo Monfort wrote:
> Hi,
...
> fwiw the jupyter-notebook DLA is not in -announce either, so it's not just
> missing in the website.

I generated DLA for jupyter-notebook just before upload. But upload was
rejected due to `Built-Using refers to non-existing source package`. I have
pinged ftp masters couple of times to manually move needed packages to
security-master. If any ftp masters here, please help.

--abhijith

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-11-16 Thread Emilio Pozuelo Monfort 

Hi,

On 16/11/2020 11:31, Holger Levsen wrote:

There are three DLAs which have been reserved but not yet been published:
- (15 Nov 2020) (libvncserver)
- (10 Nov 2020) (moin)
- (04 Nov 2020) (jupyter-notebook)


These used to include the DLA number. Maybe those could be back?

fwiw the jupyter-notebook DLA is not in -announce either, so it's not just 
missing in the website.


Cheers,
Emilio

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-31 Thread Holger Levsen 
On Mon, Aug 31, 2020 at 03:41:25PM +0200, Sylvain Beucler wrote:
> I consider each separately and I can write a detailed rationale, but I
> feel out-of-place doing so (I'm not the one designing and justifying the
> procedures), and 10 days with no activity feels a bit long to resume
> this kind of thread.

wow, it's August (=summer & vacation time here) and online DebConf too,
so I would have thought 10 days is not even that late. C'est la vie
moderne, I guess. 


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

"There's no glory in prevention." (Christian Drosten)


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-31 Thread Sylvain Beucler 
Hi,

On 31/08/2020 14:44, Holger Levsen wrote:
> On Fri, Aug 21, 2020 at 12:59:54PM +0200, Sylvain Beucler wrote:
>> Still in this particular case, in our process the team coordinator cites
>> contributors by running a heuristic-based script, and forwarding it
>> verbatim to the team (and the whole Internet), so I believe this isn't a
>> case where the contributor would need to learn to cope, but a case where
>> public naming is error-prone and not appropriate. Hence why I replaced
>> the last-committer name with package+date for missing website imports.
>>
>> That being said, I think the current process for reporting stalled and
>> multiples claims is good enough as-is :)
> 
> I don't understand why you think naming people and package names is ok
> for stalled updates and multiple claims but not for stalled announcements.
> could you please explain and make me understand?

I consider each separately and I can write a detailed rationale, but I
feel out-of-place doing so (I'm not the one designing and justifying the
procedures), and 10 days with no activity feels a bit long to resume
this kind of thread.

Cheers!
Sylvain

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-31 Thread Holger Levsen 
On Fri, Aug 21, 2020 at 12:59:54PM +0200, Sylvain Beucler wrote:
> In this particular case of missing web imports, one real issue is a
> fragile workflow involving duplicate mail/web announcements due to lack
> of automation/integration.

sure, and my remarks are just to help with this sub-optimal workflow.

> Still in this particular case, in our process the team coordinator cites
> contributors by running a heuristic-based script, and forwarding it
> verbatim to the team (and the whole Internet), so I believe this isn't a
> case where the contributor would need to learn to cope, but a case where
> public naming is error-prone and not appropriate. Hence why I replaced
> the last-committer name with package+date for missing website imports.
> 
> That being said, I think the current process for reporting stalled and
> multiples claims is good enough as-is :)

I don't understand why you think naming people and package names is ok
for stalled updates and multiple claims but not for stalled announcements.
could you please explain and make me understand?


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Dance like no one's watching. Encrypt like everyone is.


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-21 Thread Sylvain Beucler 
Hi,

On 20/08/2020 19:37, Holger Levsen wrote:
>>> p.s.: as an after thought re: "don't harass me" (though I get it was a
>>> joke, but I think the joke conveyed a useful notion): maybe my semiautomatic
>>> mails should have a permanent disclaimer that being 'called out' by them is
>>> nothing bad and doesn't deserve any explaination, just fixing? I've just 
>>> took 
>>> a note to do so next monday, please help me to word this disclaimer nicely.
>> Whether the e-mail is from a human or from a machine, whether it has a
>> disclaimer or not, it's never pleasing to be called out.
>> We better do it only when there's a valid reason.
>> Which I think is the case for the prior parts of the weekly e-mail.
> well, reserving an DLA and not sending it is also a valid reason.
>
> and I still disagree with being called out here is a bad thing, because it's
> worse to claim a package and not do the work. So being called out^w^wreminded
> of this is still a good thing in my book.
>
> we work in public here and this means our good and bad work is public.
> if one cannot work like this, one should learn to cope or switch.
>
> that said, I'll edit the results to not include missing DLAs on webwml if the
> DLA was requested on day I'll be sending the mail.

As a general guideline, I try to steer away from public shaming, which
is detrimental to team spirit and tends to hide real issues, and steer
towards problem identification and correction.

In this particular case of missing web imports, one real issue is a
fragile workflow involving duplicate mail/web announcements due to lack
of automation/integration.

Still in this particular case, in our process the team coordinator cites
contributors by running a heuristic-based script, and forwarding it
verbatim to the team (and the whole Internet), so I believe this isn't a
case where the contributor would need to learn to cope, but a case where
public naming is error-prone and not appropriate. Hence why I replaced
the last-committer name with package+date for missing website imports.

That being said, I think the current process for reporting stalled and
multiples claims is good enough as-is :)

Cheers!
Sylvain

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-20 Thread Holger Levsen 
Hi Sylvain,

On Tue, Aug 18, 2020 at 04:31:28PM +0200, Sylvain Beucler wrote:
> I was thinking of 24h, in which case it's perfectly justified to be
> notified.
> Anyway I settled for printing the DLA date.

thanks, I like that the date and package name is printed now. I slightly dislike
not naming the requestor, but won't change it myself for now.

> Spurious notifications waste time, we better fix them.

agreed.

> (I also dislike when debwatch mails me about a new upstream release
> while I'm upstream and I already uploaded a Debian package ;))

well, yes, but there will always be race conditions...

> > p.s.: as an after thought re: "don't harass me" (though I get it was a
> > joke, but I think the joke conveyed a useful notion): maybe my semiautomatic
> > mails should have a permanent disclaimer that being 'called out' by them is
> > nothing bad and doesn't deserve any explaination, just fixing? I've just 
> > took 
> > a note to do so next monday, please help me to word this disclaimer nicely.
> Whether the e-mail is from a human or from a machine, whether it has a
> disclaimer or not, it's never pleasing to be called out.
> We better do it only when there's a valid reason.
> Which I think is the case for the prior parts of the weekly e-mail.

well, reserving an DLA and not sending it is also a valid reason.

and I still disagree with being called out here is a bad thing, because it's
worse to claim a package and not do the work. So being called out^w^wreminded
of this is still a good thing in my book.

we work in public here and this means our good and bad work is public.
if one cannot work like this, one should learn to cope or switch.

that said, I'll edit the results to not include missing DLAs on webwml if the
DLA was requested on day I'll be sending the mail.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes... (Greta Thunberg)


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-18 Thread Sylvain Beucler 
Hi

On 18/08/2020 00:08, Holger Levsen wrote:
> I believe that wouldn't change anything. If the script would only
> complain about DLA reservations X hours old, of course $you would send
> the DLA right after my mail / after X hours + 2 minutes.

I was thinking of 24h, in which case it's perfectly justified to be
notified.
Anyway I settled for printing the DLA date.

Spurious notifications waste time, we better fix them.
(I also dislike when debwatch mails me about a new upstream release
while I'm upstream and I already uploaded a Debian package ;))

> p.s.: as an after thought re: "don't harass me" (though I get it was a
> joke, but I think the joke conveyed a useful notion): maybe my semiautomatic
> mails should have a permanent disclaimer that being 'called out' by them is
> nothing bad and doesn't deserve any explaination, just fixing? I've just took 
> a note to do so next monday, please help me to word this disclaimer nicely.

Whether the e-mail is from a human or from a machine, whether it has a
disclaimer or not, it's never pleasing to be called out.
We better do it only when there's a valid reason.
Which I think is the case for the prior parts of the weekly e-mail.

Cheers!
Sylvain

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-18 Thread Sylvain Beucler 
Hi,

According to
https://wiki.debian.org/LTS/Development#Claim_a_DLA_ID_in_DLA.2Flist
one reserves the DLA number right /after/ the upload, with a dated entry
in data/DLA/list, so it's meant to be used quickly.

That being said, I modified the script to not only s/committer/package/,
but also print the DLA date.
(I scrapped a version where I filtered out the current date's DLAs,
because I'm not sure who else uses the script and what they expect).

Cheers!
Sylvain

On 18/08/2020 13:46, Ola Lundqvist wrote:
> Hi
>
> One thing to consider when implementing a delay. You typically reserve
> the DLA some time before making the update so the time you select will
> most likely be wrong.
> Based on this I tend to agree with Holger that any time you select
> will not be suitable. :-)
>
> But sure some delay may be ok.
>
> // Ola
>
> On Tue, 18 Aug 2020 at 00:08, Holger Levsen  > wrote:
>
> hi Sylvain,
>
> On Mon, Aug 17, 2020 at 11:45:03PM +0200, Sylvain Beucler wrote:
> > > - DLA 2332-1 (reserved by Sylvain Beucler)
> > I just uploaded it, I am waiting for the ftp confirmation mail,
> I didn't
> > even send it by e-mail yet - don't harass me!! ;)
> >
> > More seriously, we could add a delay.
>
> I believe that wouldn't change anything. If the script would only
> complain about DLA reservations X hours old, of course $you would send
> the DLA right after my mail / after X hours + 2 minutes.
>
> p.s.: as an after thought re: "don't harass me" (though I get it was a
> joke, but I think the joke conveyed a useful notion): maybe my
> semiautomatic
> mails should have a permanent disclaimer that being 'called out'
> by them is
> nothing bad and doesn't deserve any explaination, just fixing?
> I've just took
> a note to do so next monday, please help me to word this
> disclaimer nicely.
>
> > Also, I remember we added the uploader name to make it easier for
> > everybody to notice what needs to be fixed, but for roughly the same
> > informational value it may be nicer to mention the package name
> instead.
>
> that seriously would be a good improvement! patches welcome! ;-D
>
> > What script is responsible for this?
>
> find-missing-advisories in debian-webwml.git, to be used like this:
>
> cd ~/Projects/security-tracker
> git pull
> cd ~/Projects/debian-www/webwml
> git pull
> ./english/security/find-missing-advisories --mode DLA --tracker
> ../../security-tracker/ 2>&1
>
> (while having these git repos cloned into those paths...)
>

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-18 Thread Ola Lundqvist 
Hi

One thing to consider when implementing a delay. You typically reserve the
DLA some time before making the update so the time you select will most
likely be wrong.
Based on this I tend to agree with Holger that any time you select will not
be suitable. :-)

But sure some delay may be ok.

// Ola

On Tue, 18 Aug 2020 at 00:08, Holger Levsen  wrote:

> hi Sylvain,
>
> On Mon, Aug 17, 2020 at 11:45:03PM +0200, Sylvain Beucler wrote:
> > > - DLA 2332-1 (reserved by Sylvain Beucler)
> > I just uploaded it, I am waiting for the ftp confirmation mail, I didn't
> > even send it by e-mail yet - don't harass me!! ;)
> >
> > More seriously, we could add a delay.
>
> I believe that wouldn't change anything. If the script would only
> complain about DLA reservations X hours old, of course $you would send
> the DLA right after my mail / after X hours + 2 minutes.
>
> p.s.: as an after thought re: "don't harass me" (though I get it was a
> joke, but I think the joke conveyed a useful notion): maybe my
> semiautomatic
> mails should have a permanent disclaimer that being 'called out' by them is
> nothing bad and doesn't deserve any explaination, just fixing? I've just
> took
> a note to do so next monday, please help me to word this disclaimer nicely.
>
> > Also, I remember we added the uploader name to make it easier for
> > everybody to notice what needs to be fixed, but for roughly the same
> > informational value it may be nicer to mention the package name instead.
>
> that seriously would be a good improvement! patches welcome! ;-D
>
> > What script is responsible for this?
>
> find-missing-advisories in debian-webwml.git, to be used like this:
>
> cd ~/Projects/security-tracker
> git pull
> cd ~/Projects/debian-www/webwml
> git pull
> ./english/security/find-missing-advisories --mode DLA --tracker
> ../../security-tracker/ 2>&1
>
> (while having these git repos cloned into those paths...)
>
>
> --
> cheers,
> Holger
>
>
> ---
>holger@(debian|reproducible-builds|layer-acht).org
>PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
>
> "There's no glory in prevention." (Christian Drosten)
>


-- 
 --- Inguza Technology AB --- MSc in Information Technology 
|  o...@inguza.como...@debian.org|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
 ---

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-17 Thread Holger Levsen 
hi Sylvain,

On Mon, Aug 17, 2020 at 11:45:03PM +0200, Sylvain Beucler wrote:
> > - DLA 2332-1 (reserved by Sylvain Beucler)
> I just uploaded it, I am waiting for the ftp confirmation mail, I didn't
> even send it by e-mail yet - don't harass me!! ;)
> 
> More seriously, we could add a delay.

I believe that wouldn't change anything. If the script would only
complain about DLA reservations X hours old, of course $you would send
the DLA right after my mail / after X hours + 2 minutes.
 
p.s.: as an after thought re: "don't harass me" (though I get it was a
joke, but I think the joke conveyed a useful notion): maybe my semiautomatic
mails should have a permanent disclaimer that being 'called out' by them is
nothing bad and doesn't deserve any explaination, just fixing? I've just took 
a note to do so next monday, please help me to word this disclaimer nicely.

> Also, I remember we added the uploader name to make it easier for
> everybody to notice what needs to be fixed, but for roughly the same
> informational value it may be nicer to mention the package name instead.

that seriously would be a good improvement! patches welcome! ;-D

> What script is responsible for this?

find-missing-advisories in debian-webwml.git, to be used like this:

cd ~/Projects/security-tracker
git pull
cd ~/Projects/debian-www/webwml 
git pull
./english/security/find-missing-advisories --mode DLA --tracker 
../../security-tracker/ 2>&1

(while having these git repos cloned into those paths...)


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

"There's no glory in prevention." (Christian Drosten)


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-17 Thread Sylvain Beucler 
Hi,

On 17/08/2020 23:31, Holger Levsen wrote:
> There are three DLAs which have been reserved but not yet been published on
> www.debian.org:
> 
> - DLA 2332-1 (reserved by Sylvain Beucler)

I just uploaded it, I am waiting for the ftp confirmation mail, I didn't
even send it by e-mail yet - don't harass me!! ;)

More seriously, we could add a delay.

Also, I remember we added the uploader name to make it easier for
everybody to notice what needs to be fixed, but for roughly the same
informational value it may be nicer to mention the package name instead.

What script is responsible for this?

- Sylvain

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-07-10 Thread Utkarsh Gupta 
Hi Emilio,

On Fri, Jul 10, 2020 at 11:27 PM Emilio Pozuelo Monfort
 wrote:
> On 10/07/2020 19:49, Utkarsh Gupta wrote:
> They got reverted here:
>
> commit 41a5070e43be50edc80c35082caa1a5005b06131
> Author: Branislav Makuch 
> Date:   Wed Jul 1 13:31:49 2020 +
>
> Revert "Merge branch 'master' of salsa.debian.org:webmaster-team/webwml"
>
> This reverts commit 6bcdcddbc8ba89d14541d46617fc456725f69b29
>
> Probably a mistake as it mentions commit 6bcdcd. I'd say just re-add your
> changes, revert that revert :-)

Aw, crap :/
Many thanks, reverted the revert! \o/


Best,
Utkarsh

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-07-10 Thread Emilio Pozuelo Monfort 
On 10/07/2020 19:49, Utkarsh Gupta wrote:
> Hi,
> 
> On Mon, Jul 6, 2020 at 1:40 PM Holger Levsen  wrote:
>> Three DLAs have been reserved but not yet been published on www.debian.org:
>> LTS:
>>
>> - DLA 2269-1 (reserved by Utkarsh Gupta)
>> - DLA 2270-1 (reserved by Utkarsh Gupta)
>> - DLA 2271-1 (reserved by Utkarsh Gupta)
> 
> This is weird. These DLAs were pushed on July 1st itself via [1][2][3].
> Not sure what went wrong!?

They got reverted here:

commit 41a5070e43be50edc80c35082caa1a5005b06131
Author: Branislav Makuch 
Date:   Wed Jul 1 13:31:49 2020 +

Revert "Merge branch 'master' of salsa.debian.org:webmaster-team/webwml"

This reverts commit 6bcdcddbc8ba89d14541d46617fc456725f69b29

Probably a mistake as it mentions commit 6bcdcd. I'd say just re-add your
changes, revert that revert :-)

Cheers,
Emilio

> 
> 
> Best,
> Utkarsh
> ---
> [1]: 
> https://salsa.debian.org/webmaster-team/webwml/-/commit/3fa826e876fd342ecabeeaa0da6f1d21dd6a6181
> [2]: 
> https://salsa.debian.org/webmaster-team/webwml/-/commit/16a084b6ad0a1fbe83ac7b57a162d83d0356a334
> [3]: 
> https://salsa.debian.org/webmaster-team/webwml/-/commit/e52b2777d771f308ecdb741698e624a5ce128745
>

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-07-10 Thread Utkarsh Gupta 
On Fri, Jul 10, 2020 at 11:19 PM Utkarsh Gupta  wrote:
> On Mon, Jul 6, 2020 at 1:40 PM Holger Levsen  wrote:
> > Three DLAs have been reserved but not yet been published on www.debian.org:
> > LTS:
> >
> > - DLA 2269-1 (reserved by Utkarsh Gupta)
> > - DLA 2270-1 (reserved by Utkarsh Gupta)
> > - DLA 2271-1 (reserved by Utkarsh Gupta)
>
> This is weird. These DLAs were pushed on July 1st itself via [1][2][3].
> Not sure what went wrong!?

Interesting. I can't seem them at https://www.debian.org/lts/security/.
So they aren't published. Hm, I'll see what happened to them.

In case someone has any clue, please let me know.


Best,
Utkarsh

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-07-10 Thread Utkarsh Gupta 
Hi,

On Mon, Jul 6, 2020 at 1:40 PM Holger Levsen  wrote:
> Three DLAs have been reserved but not yet been published on www.debian.org:
> LTS:
>
> - DLA 2269-1 (reserved by Utkarsh Gupta)
> - DLA 2270-1 (reserved by Utkarsh Gupta)
> - DLA 2271-1 (reserved by Utkarsh Gupta)

This is weird. These DLAs were pushed on July 1st itself via [1][2][3].
Not sure what went wrong!?


Best,
Utkarsh
---
[1]: 
https://salsa.debian.org/webmaster-team/webwml/-/commit/3fa826e876fd342ecabeeaa0da6f1d21dd6a6181
[2]: 
https://salsa.debian.org/webmaster-team/webwml/-/commit/16a084b6ad0a1fbe83ac7b57a162d83d0356a334
[3]: 
https://salsa.debian.org/webmaster-team/webwml/-/commit/e52b2777d771f308ecdb741698e624a5ce128745

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-06-29 Thread Mike Gabriel 

On  Mo 29 Jun 2020 12:07:31 CEST, Holger Levsen wrote:


- DLA 2230-1 (reserved by Mike Gabriel)


Ouch. Here it is:
https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/504

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpVPAzRXACsR.pgp
Description: Digitale PGP-Signatur

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-06-29 Thread Utkarsh Gupta 
Hi,

On Mon, Jun 29, 2020 at 5:58 PM 'Mike Gabriel' via Extended LTS
Contributors  wrote:
> > - DLA 2230-1 (reserved by Mike Gabriel)
> Ouch. Here it is:
> https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/504

Merged! :)


Best,
Utkarsh

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-03-09 Thread Chris Lamb 
Hi Emilio,

> > If we do not announce these via the website, I suppose the next course
> > of action would be to update the script to ignore these. Advice welcome.
> 
> parse-dla.pl will dtrt, e.g.:
> 
> emilio@andromeda:~/deb/webwml/english/lts/security$ ls 2020/*-2.*

Ah, I had looked for exactly this but somehow these files escaped me.
I have submitted a MR now:

  https://salsa.debian.org/webmaster-team/webwml/-/merge_requests/385


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-03-09 Thread Emilio Pozuelo Monfort 
On 09/03/2020 19:29, Chris Lamb wrote:
> Hi Holger et al.,
> 
>> ERROR: .data or .wml file missing for DLA 2115-2 (reserved by Chris Lamb)
>__^__
> 
> How does we announce a regression (ie. -2, -3) via the website? The
> namespacing used here (captured in the filenames such as 2020/
> dla-2115.wml etc.) do not include the suffix, so it is not clear to me
> how we are meant to append additional details.
> 
> If we do not announce these via the website, I suppose the next course
> of action would be to update the script to ignore these. Advice welcome.

parse-dla.pl will dtrt, e.g.:

emilio@andromeda:~/deb/webwml/english/lts/security$ ls 2020/*-2.*
2020/dla-1931-2.data  2020/dla-1931-2.wml  2020/dla-2131-2.data  
2020/dla-2131-2.wml

Cheers,
Emilio

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-03-09 Thread Chris Lamb 
Hi Holger et al.,

> ERROR: .data or .wml file missing for DLA 2115-2 (reserved by Chris Lamb)
   __^__

How does we announce a regression (ie. -2, -3) via the website? The
namespacing used here (captured in the filenames such as 2020/
dla-2115.wml etc.) do not include the suffix, so it is not clear to me
how we are meant to append additional details.

If we do not announce these via the website, I suppose the next course
of action would be to update the script to ignore these. Advice welcome.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-03-06 Thread Holger Levsen 
Hi Emilio,

On Mon, Mar 02, 2020 at 12:57:26PM +0100, Emilio Pozuelo Monfort wrote:
> And it's finally merged into webwml. You can run it like this:

yay! thank you very much for resolving this issue finally!
 
& more thanks for cleaning up the remaining entries!


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-03-06 Thread Emilio Pozuelo Monfort 
On 02/03/2020 12:57, Emilio Pozuelo Monfort wrote:
> On 01/03/2020 00:28, Holger Levsen wrote:
>> On Sat, Feb 29, 2020 at 10:46:48PM +, Holger Levsen wrote:
 I have moved it to the security-tracker in [1]. 
>>> hah. 
>>
>> hah and now that I want to use it I realize you moved the MR only... grrr.
>> ok, we'll see how this goes.
> 
> And it's finally merged into webwml. You can run it like this:
> 
> emilio@andromeda:~/deb/webwml$ ./english/security/find-missing-advisories 
> --mode DLA --tracker ../lts/security-tracker/

> ERROR: .data or .wml file missing for DLA 2031-1 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 2000-1 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 1714-2 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 1713-2 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 1953-2 (reserved by Hugo Lefeuvre)

fwiw I took care of those, so we shouldn't have any remaining old ones anymore.
Now it's just a matter of keeping up.

Cheers,
Emilio

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-03-02 Thread Emilio Pozuelo Monfort 
On 01/03/2020 00:28, Holger Levsen wrote:
> On Sat, Feb 29, 2020 at 10:46:48PM +, Holger Levsen wrote:
>>> I have moved it to the security-tracker in [1]. 
>> hah. 
> 
> hah and now that I want to use it I realize you moved the MR only... grrr.
> ok, we'll see how this goes.

And it's finally merged into webwml. You can run it like this:

emilio@andromeda:~/deb/webwml$ ./english/security/find-missing-advisories 
--mode DLA --tracker ../lts/security-tracker/
ERROR: .data or .wml file missing for DLA 2114-1 (reserved by Ben Hutchings)
ERROR: .data or .wml file missing for DLA 2043-2 (reserved by Thorsten Alteholz)
ERROR: .data or .wml file missing for DLA 2031-1 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 2000-1 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 1714-2 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 1713-2 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 1953-2 (reserved by Hugo Lefeuvre)

Cheers,
Emilio

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-29 Thread Holger Levsen 
On Sat, Feb 29, 2020 at 10:46:48PM +, Holger Levsen wrote:
> > I have moved it to the security-tracker in [1]. 
> hah. 

hah and now that I want to use it I realize you moved the MR only... grrr.
ok, we'll see how this goes.

;)


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-29 Thread Holger Levsen 
Hi Emilio,

On Sat, Feb 29, 2020 at 02:02:41PM +0100, Emilio Pozuelo Monfort wrote:
> On 19/02/2020 10:45, Emilio Pozuelo Monfort wrote:
> > btw I wonder if that script shouldn't leave elsewhere, such as in the webwml
> > repo or in the security-tracker.
> I have moved it to the security-tracker in [1]. 

hah. I discussed this in person last weekend with Salvatore and then didnt do
this as he didn't like it. (As expressed in the ticket, where I'd like to
continue this discussion mostly/if possible.)

Last weekend I concluded to ping the debian-www people again (as I cannot myself
do merges in their cron.git) and now that you went ahead I cannot say I'm
unhappy you did so ;) (But I can say that I will happily accept a revert from
the security team if they decide to really really not want this script in their 
repo.
We'll find a way to make us all happy eventually!)

> I made it more useful for DSAs
> by ignoring regression updates, as those are not (currently) imported to the
> website. 

I'd add a warning as a reminder that regression updates are ignored.

> That let me found a few entries were data/DSA/list just had the wrong
> year, and by fixing those I got the list down to this:
> 
> $ bin/check-advisories --website-path ../../webwml
> ERROR: .data or .wml file missing for DSA 4342-1 (reserved by Michael Gilbert)
> ERROR: .data or .wml file missing for DSA 3156-1 (reserved by Luciano Bello)
> ERROR: .data or .wml file missing for DSA 3043-1 (reserved by Moritz 
> Muehlenhoff)
> ERROR: .data or .wml file missing for DSA 2360-1 (reserved by Michael Gilbert)
> ERROR: .data or .wml file missing for DSA 1975-1 (reserved by Stefan Fritsch)

wheeeh! nice contribution to stable-security! :)

& thank you for all of this!


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes...


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-29 Thread Emilio Pozuelo Monfort 
On 19/02/2020 10:45, Emilio Pozuelo Monfort wrote:
> btw I wonder if that script shouldn't leave elsewhere, such as in the webwml
> repo or in the security-tracker.

I have moved it to the security-tracker in [1]. I made it more useful for DSAs
by ignoring regression updates, as those are not (currently) imported to the
website. That let me found a few entries were data/DSA/list just had the wrong
year, and by fixing those I got the list down to this:

$ bin/check-advisories --website-path ../../webwml
ERROR: .data or .wml file missing for DSA 4342-1 (reserved by Michael Gilbert)
ERROR: .data or .wml file missing for DSA 3156-1 (reserved by Luciano Bello)
ERROR: .data or .wml file missing for DSA 3043-1 (reserved by Moritz 
Muehlenhoff)
ERROR: .data or .wml file missing for DSA 2360-1 (reserved by Michael Gilbert)
ERROR: .data or .wml file missing for DSA 1975-1 (reserved by Stefan Fritsch)

Cheers,
Emilio

[1] 
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/52

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-24 Thread Chris Lamb 
Hi all,

> And, thanks to Emilio's patch showing the authors here, we got significantly
> less DLAs missing on www.debian.org:
[..]
> ERROR: .data or .wml file missing for DLA 1985-1 (reserved by Chris Lamb)

Thanks for your dilegence. Another one with a local commit but I
neglected to ensure an MR was created. I have now done so here:

  https://salsa.debian.org/webmaster-team/webwml/merge_requests/369

I've now triple-underlined this in my "launch sequence checklist" …


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-24 Thread Ben Hutchings 
On Mon, 2020-02-24 at 14:17 +, Holger Levsen wrote:
> hi,
> 
> today I unclaimed
> 
> for LTS:
> - python-pysaml2 (Abhijith PA)
> 
> and none for eLTS.
> 
> 
> And, thanks to Emilio's patch showing the authors here, we got significantly
> less DLAs missing on www.debian.org:
> 
> ERROR: .data or .wml file missing for DLA 2114-1 (reserved by Ben Hutchings)
[...]

Not yet issued as the upload is waiting in NEW.

Ben.

-- 
Ben Hutchings
Larkinson's Law: All laws are basically false.




signature.asc
Description: This is a digitally signed message part

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-21 Thread Holger Levsen 
On Fri, Feb 21, 2020 at 11:14:35AM +0100, Emilio Pozuelo Monfort wrote:
> Do you have python3-git installed? I made that dependency optional, so that if
> you don't have it, the script will still work (but without the author info).

thanks, this fixed this indeed.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-20 Thread Chris Lamb 
Dear all.

> > The attached patch allows that script to also print author information when
> > using a local copy of the security-tracker repo with the --list option.

This is extremely useful, thank you.

> > ERROR: .data or .wml file missing for DLA 2083-1 (reserved by Chris Lamb)

Looking at my Git history, I created DLA 2083's webwml files at the
time and even pushed it to salsa… but I must have neglected to submit
a merge request. I how now done so:

  https://salsa.debian.org/webmaster-team/webwml/merge_requests/366

… and it has been merged.


Best wishes,


-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-20 Thread Holger Levsen 
Hi Emilio,

On Wed, Feb 19, 2020 at 10:45:36AM +0100, Emilio Pozuelo Monfort wrote:
> > cd ~/Projects/security-tracker
> > git pull
> > cd ~/Projects/debian-www/webwml 
> > git pull
> > ../cron/parts/10-check-advisories --mode DLA  2>&1
> > 
> > where ~/Projects/debian-www/cron is on the branch mr-origin-1...
> 
> The attached patch allows that script to also print author information when
> using a local copy of the security-tracker repo with the --list option.

cool, many thanks! but it t doesn't work for me, maybe I'm doing it wrong:

~/Projects/debian-www/webwml$ ../cron/parts/10-check-advisories --mode DLA 
--list ../../security-tracker/data/DLA/list 
ERROR: .data or .wml file missing for DLA 2103-1 
ERROR: .data or .wml file missing for DLA 2101-1 
ERROR: .data or .wml file missing for DLA 2083-1 
[...]

> Otherwise it should fall back to the status quo. The current output is:
> ERROR: .data or .wml file missing for DLA 2105-1 (reserved by Christoph Berg)
[...]

very nice!

> btw I wonder if that script shouldn't leave elsewhere, such as in the webwml
> repo or in the security-tracker.

yeah, very probably...


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Our civilization is being sacrificed for the opportunity of a very small number
of people to continue making enormous amounts of money...  It is the sufferings
of the many  which pay  for the luxuries  of the few...  You say  you love your
children  above all else,  and yet  you are stealing  their future  in front of 
their very eyes...


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-20 Thread Sylvain Beucler 


On 20/02/2020 14:32, Emilio Pozuelo Monfort wrote:
> I still see this in 2019/dla-1993.wml:
>
> # do not modify the following line
> #include "$(ENGLISHDIR)/lts/security/2020/dla-1993.data"
> # $Id: $
>
> Looks like you actually need to modify it :p
>
> Btw if you parse a file with a Date: header, parse-dla.pl will read that and
> place the files in the appropriate dir, so you don't need to do any fixups
> afterwards.
Thanks. I had changed the .data date but not the .wml template.
(and had imported my plain-text dla)

Cheers!
Sylvain

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-20 Thread Emilio Pozuelo Monfort 
On 20/02/2020 13:56, Sylvain Beucler wrote:
> Hi,
> 
> On 20/02/2020 13:35, Emilio Pozuelo Monfort wrote:
>> On 20/02/2020 12:40, Abhijith PA wrote:
>>> Holger,
>>>
>>> On 19/02/20 3:15 pm, Emilio Pozuelo Monfort wrote:
>>>
>>>
 The attached patch allows that script to also print author information when
 using a local copy of the security-tracker repo with the --list option.
 Otherwise it should fall back to the status quo. The current output is:

 ERROR: .data or .wml file missing for DLA 2106-1 (reserved by Roberto C. 
 Sánchez)
 ERROR: .data or .wml file missing for DLA 2105-1 (reserved by Christoph 
 Berg)
 ERROR: .data or .wml file missing for DLA 2103-1 (reserved by Holger 
 Levsen)
 ERROR: .data or .wml file missing for DLA 2101-1 (reserved by Bastian 
 Blank)
 ERROR: .data or .wml file missing for DLA 2083-1 (reserved by Chris Lamb)
 ERROR: .data or .wml file missing for DLA 2079-1 (reserved by Abhijith PA)
 ERROR: .data or .wml file missing for DLA 2053-1 (reserved by Abhijith PA)
>>> DLA 2053-1 pushed to webmaster-team repo a month ago.
>>>
>>> https://salsa.debian.org/webmaster-team/webwml/commit/b0a5c59185a4d21906ee3882d8c9004e25c7b13d
>> data/DLA/list says:
>>
>> [31 Dec 2019] DLA-2053-1 otrs2 - security update
>>
>> i.e. this was reserved in 2019. Thus the script that generates this report is
>> looking in the 2019/ folder of the website, but it is actually living in the
>> 2020/ folder, most likely due to parse-dla.pl placing it there because of the
>> Date header of your email (which was sent in 2020).
>>
>> Normally reserving a DLA and sending it a few hours later wouldn't cause
>> significant trouble (except for out of order announcements), but it did here 
>> due
>> to the year offset and how things are archived in the website. Note how also 
>> the
>> source link in [1] is broken.
>>
>> [1] https://security-tracker.debian.org/tracker/DLA-2053-1
>>
>> We have three options here:
>> - move the files in the website to 2019/, breaking the current link
>> - change the date in data/DLA/list to Jan 1 2020
>> - keep the status quo (with the broken link in the tracker) and change the
>>   script to find the files even if they are in another year
>>
>> Given that commit dafc13ef in the security-tracker hasn't broken anything, 
>> I'll
>> just update the date in data/DLA/list to fix the tracker link and getting 
>> that
>> DLA off the report.
> I committed DLA-1993-1 manually in the 2019 folder, fixed the date in
> the .data file, but it looks like this wasn't enough, this is 404:
> https://www.debian.org/lts/security/2019/dla-1993
> https://security-tracker.debian.org/tracker/DLA-1993-1
> https://salsa.debian.org/webmaster-team/webwml/commit/2f79c83e9dac20596a24f6b404cfa2ce1954e3d1
> 
> I guess the web build system has a limitation. Do the webmasters need to
> intervene ?

I still see this in 2019/dla-1993.wml:

# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2020/dla-1993.data"
# $Id: $

Looks like you actually need to modify it :p

Btw if you parse a file with a Date: header, parse-dla.pl will read that and
place the files in the appropriate dir, so you don't need to do any fixups
afterwards.

Cheers,
Emilio

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-20 Thread Sylvain Beucler 
Hi,

On 20/02/2020 13:35, Emilio Pozuelo Monfort wrote:
> On 20/02/2020 12:40, Abhijith PA wrote:
>> Holger,
>>
>> On 19/02/20 3:15 pm, Emilio Pozuelo Monfort wrote:
>>
>>
>>> The attached patch allows that script to also print author information when
>>> using a local copy of the security-tracker repo with the --list option.
>>> Otherwise it should fall back to the status quo. The current output is:
>>>
>>> ERROR: .data or .wml file missing for DLA 2106-1 (reserved by Roberto C. 
>>> Sánchez)
>>> ERROR: .data or .wml file missing for DLA 2105-1 (reserved by Christoph 
>>> Berg)
>>> ERROR: .data or .wml file missing for DLA 2103-1 (reserved by Holger Levsen)
>>> ERROR: .data or .wml file missing for DLA 2101-1 (reserved by Bastian Blank)
>>> ERROR: .data or .wml file missing for DLA 2083-1 (reserved by Chris Lamb)
>>> ERROR: .data or .wml file missing for DLA 2079-1 (reserved by Abhijith PA)
>>> ERROR: .data or .wml file missing for DLA 2053-1 (reserved by Abhijith PA)
>> DLA 2053-1 pushed to webmaster-team repo a month ago.
>>
>> https://salsa.debian.org/webmaster-team/webwml/commit/b0a5c59185a4d21906ee3882d8c9004e25c7b13d
> data/DLA/list says:
>
> [31 Dec 2019] DLA-2053-1 otrs2 - security update
>
> i.e. this was reserved in 2019. Thus the script that generates this report is
> looking in the 2019/ folder of the website, but it is actually living in the
> 2020/ folder, most likely due to parse-dla.pl placing it there because of the
> Date header of your email (which was sent in 2020).
>
> Normally reserving a DLA and sending it a few hours later wouldn't cause
> significant trouble (except for out of order announcements), but it did here 
> due
> to the year offset and how things are archived in the website. Note how also 
> the
> source link in [1] is broken.
>
> [1] https://security-tracker.debian.org/tracker/DLA-2053-1
>
> We have three options here:
> - move the files in the website to 2019/, breaking the current link
> - change the date in data/DLA/list to Jan 1 2020
> - keep the status quo (with the broken link in the tracker) and change the
>   script to find the files even if they are in another year
>
> Given that commit dafc13ef in the security-tracker hasn't broken anything, 
> I'll
> just update the date in data/DLA/list to fix the tracker link and getting that
> DLA off the report.
I committed DLA-1993-1 manually in the 2019 folder, fixed the date in
the .data file, but it looks like this wasn't enough, this is 404:
https://www.debian.org/lts/security/2019/dla-1993
https://security-tracker.debian.org/tracker/DLA-1993-1
https://salsa.debian.org/webmaster-team/webwml/commit/2f79c83e9dac20596a24f6b404cfa2ce1954e3d1

I guess the web build system has a limitation. Do the webmasters need to
intervene ?

Cheers!
Sylvain

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-20 Thread Emilio Pozuelo Monfort 
On 20/02/2020 12:40, Abhijith PA wrote:
> Holger,
> 
> On 19/02/20 3:15 pm, Emilio Pozuelo Monfort wrote:
> 
> 
>> The attached patch allows that script to also print author information when
>> using a local copy of the security-tracker repo with the --list option.
>> Otherwise it should fall back to the status quo. The current output is:
>>
>> ERROR: .data or .wml file missing for DLA 2106-1 (reserved by Roberto C. 
>> Sánchez)
>> ERROR: .data or .wml file missing for DLA 2105-1 (reserved by Christoph Berg)
>> ERROR: .data or .wml file missing for DLA 2103-1 (reserved by Holger Levsen)
>> ERROR: .data or .wml file missing for DLA 2101-1 (reserved by Bastian Blank)
>> ERROR: .data or .wml file missing for DLA 2083-1 (reserved by Chris Lamb)
>> ERROR: .data or .wml file missing for DLA 2079-1 (reserved by Abhijith PA)
>> ERROR: .data or .wml file missing for DLA 2053-1 (reserved by Abhijith PA)
> 
> DLA 2053-1 pushed to webmaster-team repo a month ago.
> 
> https://salsa.debian.org/webmaster-team/webwml/commit/b0a5c59185a4d21906ee3882d8c9004e25c7b13d

data/DLA/list says:

[31 Dec 2019] DLA-2053-1 otrs2 - security update

i.e. this was reserved in 2019. Thus the script that generates this report is
looking in the 2019/ folder of the website, but it is actually living in the
2020/ folder, most likely due to parse-dla.pl placing it there because of the
Date header of your email (which was sent in 2020).

Normally reserving a DLA and sending it a few hours later wouldn't cause
significant trouble (except for out of order announcements), but it did here due
to the year offset and how things are archived in the website. Note how also the
source link in [1] is broken.

[1] https://security-tracker.debian.org/tracker/DLA-2053-1

We have three options here:
- move the files in the website to 2019/, breaking the current link
- change the date in data/DLA/list to Jan 1 2020
- keep the status quo (with the broken link in the tracker) and change the
  script to find the files even if they are in another year

Given that commit dafc13ef in the security-tracker hasn't broken anything, I'll
just update the date in data/DLA/list to fix the tracker link and getting that
DLA off the report.

Cheers,
Emilio

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-20 Thread Abhijith PA 
Holger,

On 19/02/20 3:15 pm, Emilio Pozuelo Monfort wrote:


> The attached patch allows that script to also print author information when
> using a local copy of the security-tracker repo with the --list option.
> Otherwise it should fall back to the status quo. The current output is:
> 
> ERROR: .data or .wml file missing for DLA 2106-1 (reserved by Roberto C. 
> Sánchez)
> ERROR: .data or .wml file missing for DLA 2105-1 (reserved by Christoph Berg)
> ERROR: .data or .wml file missing for DLA 2103-1 (reserved by Holger Levsen)
> ERROR: .data or .wml file missing for DLA 2101-1 (reserved by Bastian Blank)
> ERROR: .data or .wml file missing for DLA 2083-1 (reserved by Chris Lamb)
> ERROR: .data or .wml file missing for DLA 2079-1 (reserved by Abhijith PA)
> ERROR: .data or .wml file missing for DLA 2053-1 (reserved by Abhijith PA)

DLA 2053-1 pushed to webmaster-team repo a month ago.

https://salsa.debian.org/webmaster-team/webwml/commit/b0a5c59185a4d21906ee3882d8c9004e25c7b13d


--abhijith

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-19 Thread Sylvain Beucler 
Hi,

On 19/02/2020 10:45, Emilio Pozuelo Monfort wrote:
> On 13/02/2020 14:02, Holger Levsen wrote:
>> Hi Emilio,
>>
>> On Mon, Feb 10, 2020 at 04:18:08PM +0100, Emilio Pozuelo Monfort wrote:
>> ERROR: .data or .wml file missing for DLA 2098-1
> It would be useful if this info came with the person who reserved that 
> DLA.
>>> Is this script living somewhere? I could take a look at extracting that
>>> information from data/DLA/list's git history.
>> the script is available in 
>> https://salsa.debian.org/webmaster-team/cron/merge_requests/1
>> and has to be run in the directory of a clone of 
>> https://salsa.debian.org/webmaster-team/webwml/
>> with "../cron/parts/10-check-advisories --mode DLA", so
>> I'm running this in a script:
>>
>> cd ~/Projects/security-tracker
>> git pull
>> cd ~/Projects/debian-www/webwml 
>> git pull
>> ../cron/parts/10-check-advisories --mode DLA  2>&1
>>
>> where ~/Projects/debian-www/cron is on the branch mr-origin-1...
> The attached patch allows that script to also print author information when
> using a local copy of the security-tracker repo with the --list option.
> Otherwise it should fall back to the status quo. The current output is:
>
> ERROR: .data or .wml file missing for DLA 2106-1 (reserved by Roberto C. 
> Sánchez)
> ERROR: .data or .wml file missing for DLA 2105-1 (reserved by Christoph Berg)
> ERROR: .data or .wml file missing for DLA 2103-1 (reserved by Holger Levsen)
> ERROR: .data or .wml file missing for DLA 2101-1 (reserved by Bastian Blank)
> ERROR: .data or .wml file missing for DLA 2083-1 (reserved by Chris Lamb)
> ERROR: .data or .wml file missing for DLA 2079-1 (reserved by Abhijith PA)
> ERROR: .data or .wml file missing for DLA 2053-1 (reserved by Abhijith PA)
> ERROR: .data or .wml file missing for DLA 2043-2 (reserved by Thorsten 
> Alteholz)
> ERROR: .data or .wml file missing for DLA 2031-1 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 2017-2 (reserved by Adrian Bunk)
> ERROR: .data or .wml file missing for DLA 2000-1 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 1993-1 (reserved by Sylvain Beucler)
> ERROR: .data or .wml file missing for DLA 1985-1 (reserved by Chris Lamb)
> ERROR: .data or .wml file missing for DLA 1983-1 (reserved by Thijs Kinkhorst)
> ERROR: .data or .wml file missing for DLA 1714-2 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 1713-2 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 1953-2 (reserved by Hugo Lefeuvre)
> ERROR: .data or .wml file missing for DLA 1949-1 (reserved by Bastian Blank)
>
> btw I wonder if that script shouldn't leave elsewhere, such as in the webwml
> repo or in the security-tracker.

I was dead-certain that I had converted all my advisories and hence
never checked in detail -- thanks Holger and Emilio :)

- Sylvain

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-19 Thread Emilio Pozuelo Monfort 
On 13/02/2020 14:02, Holger Levsen wrote:
> Hi Emilio,
> 
> On Mon, Feb 10, 2020 at 04:18:08PM +0100, Emilio Pozuelo Monfort wrote:
> ERROR: .data or .wml file missing for DLA 2098-1
 It would be useful if this info came with the person who reserved that DLA.
>> Is this script living somewhere? I could take a look at extracting that
>> information from data/DLA/list's git history.
> 
> the script is available in 
> https://salsa.debian.org/webmaster-team/cron/merge_requests/1
> and has to be run in the directory of a clone of 
> https://salsa.debian.org/webmaster-team/webwml/
> with "../cron/parts/10-check-advisories --mode DLA", so
> I'm running this in a script:
> 
> cd ~/Projects/security-tracker
> git pull
> cd ~/Projects/debian-www/webwml 
> git pull
> ../cron/parts/10-check-advisories --mode DLA  2>&1
> 
> where ~/Projects/debian-www/cron is on the branch mr-origin-1...

The attached patch allows that script to also print author information when
using a local copy of the security-tracker repo with the --list option.
Otherwise it should fall back to the status quo. The current output is:

ERROR: .data or .wml file missing for DLA 2106-1 (reserved by Roberto C. 
Sánchez)
ERROR: .data or .wml file missing for DLA 2105-1 (reserved by Christoph Berg)
ERROR: .data or .wml file missing for DLA 2103-1 (reserved by Holger Levsen)
ERROR: .data or .wml file missing for DLA 2101-1 (reserved by Bastian Blank)
ERROR: .data or .wml file missing for DLA 2083-1 (reserved by Chris Lamb)
ERROR: .data or .wml file missing for DLA 2079-1 (reserved by Abhijith PA)
ERROR: .data or .wml file missing for DLA 2053-1 (reserved by Abhijith PA)
ERROR: .data or .wml file missing for DLA 2043-2 (reserved by Thorsten Alteholz)
ERROR: .data or .wml file missing for DLA 2031-1 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 2017-2 (reserved by Adrian Bunk)
ERROR: .data or .wml file missing for DLA 2000-1 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 1993-1 (reserved by Sylvain Beucler)
ERROR: .data or .wml file missing for DLA 1985-1 (reserved by Chris Lamb)
ERROR: .data or .wml file missing for DLA 1983-1 (reserved by Thijs Kinkhorst)
ERROR: .data or .wml file missing for DLA 1714-2 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 1713-2 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 1953-2 (reserved by Hugo Lefeuvre)
ERROR: .data or .wml file missing for DLA 1949-1 (reserved by Bastian Blank)

btw I wonder if that script shouldn't leave elsewhere, such as in the webwml
repo or in the security-tracker.

Cheers,
Emilio
From bed41e8f79f1344c08fa8f9787c8bb3dcfcdd500 Mon Sep 17 00:00:00 2001
From: Emilio Pozuelo Monfort 
Date: Wed, 19 Feb 2020 10:38:05 +0100
Subject: [PATCH] 10-check-advisories: optionally fetch author info

---
 parts/10-check-advisories | 24 ++--
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/parts/10-check-advisories b/parts/10-check-advisories
index a2524c6..6353ccc 100755
--- a/parts/10-check-advisories
+++ b/parts/10-check-advisories
@@ -71,9 +71,18 @@ def main():
 for adv in parse_advisories(response.iter_lines(decode_unicode=True)):
 check_advisory(args.mode, args.directory, **adv)
 else:
-with open(args.list) as text:
-for adv in parse_advisories(text):
-check_advisory(args.mode, args.directory, **adv)
+try:
+import git
+repodir = '/'.join(args.list.split('/')[:-3])
+repofile = '/'.join(args.list.split('/')[-3:])
+repo = git.Repo(repodir)
+for commit, lines in repo.blame('HEAD', repofile):
+for adv in parse_advisories(lines):
+check_advisory(args.mode, args.directory, **adv, author=commit.author)
+except:
+with open(args.list) as text:
+for adv in parse_advisories(text):
+check_advisory(args.mode, args.directory, **adv)
 
 
 def parse_advisories(stream):
@@ -87,7 +96,7 @@ def parse_advisories(stream):
 logging.warning('malformed line: "%s"', line)
 
 
-def check_advisory(mode, directory, year, number, errata):
+def check_advisory(mode, directory, year, number, errata, author=None):
 if errata is None:
 errata = '1'
 logging.info('checking %s-%s-%s (%s)', mode, number, errata, year)
@@ -102,8 +111,11 @@ def check_advisory(mode, directory, year, number, errata):
 logging.debug('both data and wml files found, without -1')
 found = True
 if not found:
-logging.error('.data or .wml file missing for %s %s-%s',
-  mode, number, errata)
+author_info = ""
+if author:
+author_info = "(reserved by %s)" % (author)
+logging.error('.data or .wml file missing for %s %s-%s %s',
+  mode, number,

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-13 Thread Holger Levsen 
Hi Emilio,

On Mon, Feb 10, 2020 at 04:18:08PM +0100, Emilio Pozuelo Monfort wrote:
> >>> ERROR: .data or .wml file missing for DLA 2098-1
> >> It would be useful if this info came with the person who reserved that DLA.
> Is this script living somewhere? I could take a look at extracting that
> information from data/DLA/list's git history.

the script is available in 
https://salsa.debian.org/webmaster-team/cron/merge_requests/1
and has to be run in the directory of a clone of 
https://salsa.debian.org/webmaster-team/webwml/
with "../cron/parts/10-check-advisories --mode DLA", so
I'm running this in a script:

cd ~/Projects/security-tracker
git pull
cd ~/Projects/debian-www/webwml 
git pull
../cron/parts/10-check-advisories --mode DLA  2>&1

where ~/Projects/debian-www/cron is on the branch mr-origin-1...


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-10 Thread Emilio Pozuelo Monfort 
On 10/02/2020 12:07, Holger Levsen wrote:
> On Mon, Feb 10, 2020 at 11:23:08AM +0100, Emilio Pozuelo Monfort wrote:
> [...]
>>> ERROR: .data or .wml file missing for DLA 2098-1
>> It would be useful if this info came with the person who reserved that DLA.
> 
> sure. it's just not that easy to get that information programmatically...
> 
>> If
>> one of those were mine, it'd be easier if I could see that, then just update 
>> the
>> website from the debian-lts-announce mails that I still have.
> 
> and yes, we should automate this.

Is this script living somewhere? I could take a look at extracting that
information from data/DLA/list's git history.

Cheers,
Emilio

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-10 Thread Holger Levsen 
On Mon, Feb 10, 2020 at 11:23:08AM +0100, Emilio Pozuelo Monfort wrote:
[...]
> > ERROR: .data or .wml file missing for DLA 2098-1
> It would be useful if this info came with the person who reserved that DLA.

sure. it's just not that easy to get that information programmatically...

> If
> one of those were mine, it'd be easier if I could see that, then just update 
> the
> website from the debian-lts-announce mails that I still have.

and yes, we should automate this.


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C


signature.asc
Description: PGP signature

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-02-10 Thread Emilio Pozuelo Monfort 
On 10/02/2020 03:25, Holger Levsen wrote:
> hi,
> 
> today I unclaimed
> 
> for LTS:
> 
> - xerces-c (Hugo Lefeuvre)
> 
> and none for eLTS.
> 
> Then, the monthly reports for January are due today. Please publish yours, if 
> you haven't already.
> 
> 
> And, the following DLAs are missing on www.debian.org:
> 
> ERROR: .data or .wml file missing for DLA 1713-2
> ERROR: .data or .wml file missing for DLA 1714-2
> ERROR: .data or .wml file missing for DLA 1949-1
> ERROR: .data or .wml file missing for DLA 1953-2
> ERROR: .data or .wml file missing for DLA 1983-1
> ERROR: .data or .wml file missing for DLA 1985-1
> ERROR: .data or .wml file missing for DLA 1993-1
> ERROR: .data or .wml file missing for DLA 2000-1
> ERROR: .data or .wml file missing for DLA 2017-2
> ERROR: .data or .wml file missing for DLA 2031-1
> ERROR: .data or .wml file missing for DLA 2043-2
> ERROR: .data or .wml file missing for DLA 2053-1
> ERROR: .data or .wml file missing for DLA 2079-1
> ERROR: .data or .wml file missing for DLA 2083-1
> ERROR: .data or .wml file missing for DLA 2097-1
> ERROR: .data or .wml file missing for DLA 2098-1

It would be useful if this info came with the person who reserved that DLA. If
one of those were mine, it'd be easier if I could see that, then just update the
website from the debian-lts-announce mails that I still have.

Thanks,
Emilio