On 24-01-2018 19:37, Markus Koschany wrote:
> Thanks. How do you catch the case when security updates are part of a
> stable point release?
This requires more effort. Does the package tracker offer a way to
query such information? The only other idea I have right now involves
inspecting the
Am 24.01.2018 um 19:32 schrieb Nis Martensen:
> How about this?
>
> import apt
>
> def is_security_update(pkgname, version):
> try:
> p = apt.Cache()[pkgname]
> except:
> return False
>
> if version not in p.versions:
> return False
>
> if
How about this?
import apt
def is_security_update(pkgname, version):
try:
p = apt.Cache()[pkgname]
except:
return False
if version not in p.versions:
return False
if 'Debian-Security' in [o.label for o in
p.versions[version].origins]:
Am 24.01.2018 um 16:56 schrieb Nis Martensen:
> Let me describe my suggestion in more detail:
>
> - Instead of having the "is this a security version" check
> implemented directly in bin/reportbug as a version number check, there
> could be a new function "is_security_update(package, version)"
Let me describe my suggestion in more detail:
- Instead of having the "is this a security version" check
implemented directly in bin/reportbug as a version number check, there
could be a new function "is_security_update(package, version)" in
reportbug/utils.py. You can move the version number
2018-01-23 15:58 GMT+01:00 Sandro Tosi :
> point releases usually include all the security updates from the
> previous point release, so they would come from the "main" repo and
> not the security one
That would only be a problem if they are then no longer available via
the
On Tue, Jan 23, 2018 at 4:30 AM, Nis Martensen wrote:
> It might be possible to determine whether an installed package is a
> security update by inspecting the output of apt-cache policy pkgname.
> Not sure if this information can also be obtained used python3-apt.
point
It might be possible to determine whether an installed package is a
security update by inspecting the output of apt-cache policy pkgname.
Not sure if this information can also be obtained used python3-apt.
___
Reportbug-maint mailing list
Hi Sandro,
On Thu, Dec 28, 2017 at 08:30:34PM -0500, Sandro Tosi wrote:
> >> +if is_security_update and support != 'none':
> >> +if support == 'lts':
> >> +email_address = ['debian-...@lists.debian.org']
> >> +else:
> >> +
>> +if is_security_update and support != 'none':
>> +if support == 'lts':
>> +email_address = ['debian-...@lists.debian.org']
>> +else:
>> +email_address = ['t...@security.debian.org']
>> +listcc.extend(email_address)
>> +
Am 21.12.2017 um 22:42 schrieb Salvatore Bonaccorso:
[...]
> Don't worry anymore. It was as well not about all the timeline, I'm
> aware when you did the initial ping, but rather on the "we think it
> needs a change on security tracker and want this information exposed
> ... I want to do the
Hi Markus,
On Wed, Dec 13, 2017 at 01:34:05PM +0100, Markus Koschany wrote:
> Hi Salvatore,
>
> Am 12.12.2017 um 07:19 schrieb Salvatore Bonaccorso:
> [...]
> > I have made the above change now live/commited. The file is still thus
> > extensible and for futher (and future use). Thanks for your
Am 13.12.2017 um 15:11 schrieb Guido Günther:
> Hi Markus,
> (trimming the cc: list a bit since this is just a minor nit):
>
> [..snip..]
>> +for key, value in data.items():
>> +if distnumber in value['major-version']:
>
> distnumber ==
Hi Markus,
(trimming the cc: list a bit since this is just a minor nit):
[..snip..]
> +for key, value in data.items():
> +if distnumber in value['major-version']:
distnumber == value['major-version']
might be better since with distnumber = 1 it
Hi Salvatore,
Am 12.12.2017 um 07:19 schrieb Salvatore Bonaccorso:
[...]
> I have made the above change now live/commited. The file is still thus
> extensible and for futher (and future use). Thanks for your work on
> that! (as a personal note on my side, would have prefered to get less
>
Hi Markus,
On Sun, Dec 10, 2017 at 03:58:30PM +0100, Markus Koschany wrote:
> Am 10.12.2017 um 13:35 schrieb Salvatore Bonaccorso:
> [...]
> >>> and beeing accessible under
> >>> https://security-tracker.debian.org/tracker/distributions.json
> >>
> >> That makes as lot of sense! (I used YAML in
Hi,
On Sun, Dec 10, 2017 at 01:35:43PM +0100, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Sun, Dec 10, 2017 at 12:59:05PM +0100, Guido Günther wrote:
> > Hi,
> > On Sun, Dec 10, 2017 at 12:51:38PM +0100, Salvatore Bonaccorso wrote:
> > > Hi
> > >
> > > On Sun, Dec 10, 2017 at 10:00:55AM
Am 10.12.2017 um 13:35 schrieb Salvatore Bonaccorso:
[...]
>>> and beeing accessible under
>>> https://security-tracker.debian.org/tracker/distributions.json
>>
>> That makes as lot of sense! (I used YAML in the example for readability,
>> output of the tracker should be JSON). The main reason
Hi Guido,
On Sun, Dec 10, 2017 at 12:59:05PM +0100, Guido Günther wrote:
> Hi,
> On Sun, Dec 10, 2017 at 12:51:38PM +0100, Salvatore Bonaccorso wrote:
> > Hi
> >
> > On Sun, Dec 10, 2017 at 10:00:55AM +0100, Salvatore Bonaccorso wrote:
> > > Hi
> > >
> > > Cc'ing explicitly Guido and Raphael,
Hi,
On Sun, Dec 10, 2017 at 12:51:38PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> On Sun, Dec 10, 2017 at 10:00:55AM +0100, Salvatore Bonaccorso wrote:
> > Hi
> >
> > Cc'ing explicitly Guido and Raphael, who commented before.
> >
> > On Sat, Dec 09, 2017 at 03:25:14PM +0100, Markus Koschany
Hi
On Sun, Dec 10, 2017 at 10:00:55AM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> Cc'ing explicitly Guido and Raphael, who commented before.
>
> On Sat, Dec 09, 2017 at 03:25:14PM +0100, Markus Koschany wrote:
> > Hi,
> >
> > I have updated my patch for reportbug. Now emails are sent only to
Hi
Cc'ing explicitly Guido and Raphael, who commented before.
On Sat, Dec 09, 2017 at 03:25:14PM +0100, Markus Koschany wrote:
> Hi,
>
> I have updated my patch for reportbug. Now emails are sent only to one
> of the team mailing lists based on the release number in the version
> string. There
Hi,
On Sat, Dec 09, 2017 at 03:28:09PM +0100, Markus Koschany wrote:
> Am 09.12.2017 um 15:21 schrieb Guido Günther:
> [...]
> > Looks good in principle. I would use a slightly different json format
> > though (using YAML for readability):
> >
> > wheezy:
> >major: 7
> >alias:
Am 09.12.2017 um 15:21 schrieb Guido Günther:
[...]
> Looks good in principle. I would use a slightly different json format
> though (using YAML for readability):
>
> wheezy:
>major: 7
>alias: oldoldstable
> jessy:
>major: 8
>alias: oldstable
> stretch:
>major: 9
>
Hi,
I have updated my patch for reportbug. Now emails are sent only to one
of the team mailing lists based on the release number in the version
string. There is apparently no simple way to determine the relationship
between release number, code name, suite and whether this is a LTS
release. So we
Hi,
On Wed, Dec 06, 2017 at 08:48:17AM +0100, Markus Koschany wrote:
> On Fri, 1 Dec 2017 09:28:26 +0100 Guido =?iso-8859-1?Q?G=FCnther?=
> wrote:
> [...]
> > I would rather not make psql connections from reportbug. http is
> > ubiquitous and can be proxied. That's why I
On Wed, 6 Dec 2017 13:15:59 +0100 Raphael Geissert
wrote:
> Hi,
>
> On 6 Dec 2017 08:48, "Markus Koschany" wrote:
>
> I have updated the patch according to your suggestions. It's a bit
> strange that we can't match release numbers and code name already. I
Hi,
On 6 Dec 2017 08:48, "Markus Koschany" wrote:
I have updated the patch according to your suggestions. It's a bit
strange that we can't match release numbers and code name already. I
think it would be best to implement this feature somewhere else but for
the sake of moving
On Fri, 1 Dec 2017 09:28:26 +0100 Guido =?iso-8859-1?Q?G=FCnther?=
wrote:
[...]
> I would rather not make psql connections from reportbug. http is
> ubiquitous and can be proxied. That's why I mentioned the security
> tracker. The nice thing about the security tracker is that we
Hi Markus,
On Thu, Nov 30, 2017 at 06:38:27PM +0100, Markus Koschany wrote:
> On Wed, 29 Nov 2017 22:49:55 +0100 Guido =?iso-8859-1?Q?G=FCnther?=
> wrote:
> [...]
> > Can't we deduce if it's LTS from either the packages version number or from
> > /etc/debian_version. Once we
On Wed, 29 Nov 2017 22:49:55 +0100 Guido =?iso-8859-1?Q?G=FCnther?=
wrote:
[...]
> Can't we deduce if it's LTS from either the packages version number or from
> /etc/debian_version. Once we have the code name or number we could do a
> simple HTTP call to check if this is stable,
Hi Markus,
Great this is still moving forward!
On Wed, Nov 29, 2017 at 08:00:12PM +0100, Markus Koschany wrote:
> Hi!
[..snip..]
> I would prefer this solution. At the moment we check for the version
> string and I think that's sufficient for an initial check. The following
> actions should be
Hi!
On Wed, 29 Nov 2017 00:09:28 +0100 Raphael Geissert
wrote:
> Hi,
>
> On 9 October 2017 at 19:47, Markus Koschany wrote:
> [...]
> > If the bug is reported against a package with a version number that
> > indicates a security update like +deb7u1 or
Hi,
On 9 October 2017 at 19:47, Markus Koschany wrote:
[...]
> If the bug is reported against a package with a version number that
> indicates a security update like +deb7u1 or ~deb8u3, both team mailing
> lists should be added to CC after the bug reporter confirms that this
>
Hello,
I still haven't got a response for Debian bug #878088 and I wonder if we
should implement this feature in Wheezy (and Jessie/Stretch if the
security team agrees) now. Are there any objections, hints, recommendations?
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
Hi,
is there anything that we can do to help getting this into unstable?
Would it be ok to patch the reportbug versions in Wheezy, Jessie and
Stretch to use this feature?
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
___
Package: reportbug
Version: 7.1.7
Severity: wishlist
Tags: patch
Hi,
the Debian LTS Team and the Debian Security Team would like to propose
a new feature for reportbug.
We discussed this at DebConf 17 during the LTS BoF and shortly on
debian-lts [1] that it would make sense to inform both
37 matches
Mail list logo