[Reportbug-maint] Bug#878088: reportbug: please inform security and lts teams about security update regressions

Markus Koschany apo at debian.org
Wed Jan 24 16:21:34 UTC 2018



On 24.01.2018 at 16:56, Nis Martensen wrote:
> Let me describe my suggestion in more detail:
> 
>  - Instead of having the "is this a security version" check
> implemented directly in bin/reportbug as a version number check, there
> could be a new function "is_security_update(package, version)" in
> reportbug/utils.py. You can move the version number check there to
> quickly decide if this is definitely no security version.
> 
>  - The point of the apt-cache idea was to try harder to avoid asking
> the user unnecessary questions. So this could be included in the new
> function. Your question will still be asked, but only if the evidence
> that the package actually is a security update is stronger.

I currently don't know how I should implement the apt-cache idea in
reportbug/utils.py. Before I start working on that I want to be assured
that this will be the final change and we can finally reach consensus.

> To avoid the sys.exit completely, you could just move the seven lines
> starting with data = r.json() inside the try: clause?

If the retrieval of distributions.json fails, the lts and security teams
will not be informed despite the fact that the user previously confirmed
"this is a regression due to a security update". Would it not be better
to quit here and let her try it again instead of continuing with the bug
report as if nothing has happened?

> 
> Please be optimistic: the feedback loop is short now, so we might
> arrive at something acceptable to Sandro soon, and then you'll have
> your notifications.

I don't see that you are listed as the maintainer or uploader of
reportbug. I appreciate your comments but if you don't make the final
decision it would be more helpful to provide the actual code.

Regards,

Markus
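
One way the two-stage check suggested in the quoted text could look, as an added example that is not code from this thread or from reportbug. The "+debNuM" version pattern, the security.debian.org origin match and the policy_text parameter are assumptions, and the sample apt-cache policy output is constructed.

```python
import re
import subprocess

# Assumption: security uploads carry a "+debNuM" or "~debNuM" version suffix.
_SEC_VERSION = re.compile(r"[+~]deb\d+u\d+")
# Assumption: the security archive is recognised by its host name.
_SEC_ORIGIN = "security.debian.org"
# A version-table entry: optional "***" marker, version string, pin priority.
_VERSION_LINE = re.compile(r"^\s+(?:\*\*\*\s+)?(\S+)\s+-?\d+\s*$")

# Constructed sample of `apt-cache policy` output so the check runs offline.
SAMPLE_POLICY = """\
examplepkg:
  Installed: 1.2-3+deb9u1
  Candidate: 1.2-3+deb9u1
  Version table:
 *** 1.2-3+deb9u1 500
        500 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.2-3 500
        500 http://deb.debian.org/debian stretch/main amd64 Packages
"""

def origins_for_version(policy_text, version):
    """Return the source lines listed under `version` in the version table."""
    origins, current = [], None
    for line in policy_text.splitlines():
        m = _VERSION_LINE.match(line)
        if m:
            current = m.group(1)
        elif current == version and line.startswith(" " * 8):
            origins.append(line.strip())
    return origins

def is_security_update(package, version, policy_text=None):
    """Hypothetical helper: True only if the evidence points at a security upload."""
    # Stage 1: without the suffix this is definitely not a security version.
    if not _SEC_VERSION.search(version):
        return False
    # Stage 2: ask apt where this exact version comes from.
    if policy_text is None:
        try:
            policy_text = subprocess.run(
                ["apt-cache", "policy", package],
                capture_output=True, text=True, check=True).stdout
        except (OSError, subprocess.CalledProcessError):
            return True  # no apt evidence: keep the stage 1 answer, still ask the user
    return any(_SEC_ORIGIN in origin for origin in origins_for_version(policy_text, version))
```

A version that has the suffix but is only offered by the main archive returns False here, so the user would not be asked the regression question for it.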

