[Reportbug-maint] Bug#878088: Bug#878088: Bug#878088: reportbug: please inform security and lts teams about security update regressions

Markus Koschany apo at debian.org
Wed Jan 24 14:49:31 UTC 2018


Please find attached the updated version of the patch.

Now the patch checks for --offline mode and skips the section if this is
true.

The --timeout flag is honored and passed to requests.

The listcc bug is fixed. It turned out that the email_address was a
string and not a list anymore. The extend function works but I changed
it to += like it is used in the rest of the code.

Please advise how an exception should be handled if
security-tracker.debian.org is not reachable. I clarified the error
message but the sys.exit(1) command is still used. Please let me know if
you have implemented some form of network exception handling already and
how it can be used, although I feel the error message is clear now.

Regards,

Markus

-------------- next part --------------
diff -Nru reportbug-7.1.8/bin/reportbug reportbug-7.1.8+nmu1/bin/reportbug
--- reportbug-7.1.8/bin/reportbug	2017-12-29 05:25:43.000000000 +0100
+++ reportbug-7.1.8+nmu1/bin/reportbug	2018-01-23 20:43:14.000000000 +0100
@@ -32,6 +32,8 @@
 import optparse
 import re
 import locale
+import requests
+import json
 import subprocess
 import shlex
 import email
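Review bot: "import json" is unused in this patch, since the second hunk decodes the response with r.json(), so it can be dropped. "import requests" at module level also makes requests a hard runtime dependency even when --offline is given. The diff touches only bin/reportbug and debian/changelog, so either debian/control needs python3-requests added to Depends, or the import should move into the branch that performs the lookup, with ImportError handled there.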
@@ -1926,6 +1928,36 @@
             listcc += ui.get_multiline(
                 'Enter any additional addresses this report should be sent to; press ENTER after each address.')
 
+        # If the bug is reported against a package with a version that
+        # indicates a security update add the security or lts team to CC
+        # after user confirmation
+        is_security_update = False
+        if pkgversion and not self.options.offline:
+            regex = re.compile('(\+|~)deb(\d+)u(\d+)')
+            secversion = regex.search(pkgversion)
+            if secversion:
+                if ui.yes_no('Do you want to report a regression because of a security update? ',
+                             'Yes, please inform the LTS and security teams.',
+                             'No or I am not sure.', True):
+                    is_security_update = True
+                    distnumber = secversion[2]
+                    try:
+                        r = requests.get('https://security-tracker.debian.org/tracker/distributions.json',
+                                    timeout=self.options.timeout)
+                    except requests.exceptions.RequestException:
+                        print('Unable to connect to security-tracker.debian.org. Please try again later.')
+                        sys.exit(1)
+                    data = r.json()
+                    support = 'none'
+                    email_address = []
+                    for key, value in data.items():
+                        if distnumber == value['major-version']:
+                            support = value['support']
+                            email_address = value['contact']
+
+        if is_security_update and support != 'none':
+            listcc += [email_address]
+
         if severity and rtype:
             severity = debbugs.convert_severity(severity, rtype)
 
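Review bot: The "sys.exit(1)" in the except branch throws away everything the user has entered so far just because an optional CC lookup failed. Printing a warning and continuing without the extra CC would keep the report. Only RequestException is caught: there is no r.raise_for_status(), so an HTTP error page goes straight into r.json(), and a ValueError from a non-JSON body or a KeyError from a missing 'major-version', 'support' or 'contact' key ends in a traceback. The comment says the team is added "after user confirmation", but the yes/no prompt runs before the lookup and the address taken from the server response is appended to listcc without ever being shown. Display email_address and confirm it before "listcc += [email_address]". "distnumber" is a str from the regex, so the "==" test only matches if 'major-version' is also a string in the JSON. Smaller points: the pattern should be a raw string (r'(\+|~)deb(\d+)u(\d+)'), "secversion[2]" needs Python 3.6 or later where secversion.group(2) does not, and "key" is unused, so data.values() is enough.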
diff -Nru reportbug-7.1.8/debian/changelog reportbug-7.1.8+nmu1/debian/changelog
--- reportbug-7.1.8/debian/changelog	2017-12-29 05:25:43.000000000 +0100
+++ reportbug-7.1.8+nmu1/debian/changelog	2018-01-23 20:43:14.000000000 +0100
@@ -1,3 +1,10 @@
+reportbug (7.1.8+nmu1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * 
+
+ -- Markus Koschany <apo at debian.org>  Tue, 23 Jan 2018 20:43:14 +0100
+
 reportbug (7.1.8) unstable; urgency=medium
 
   * reportbug/debbugs.py
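Review bot: The new changelog entry has an empty bullet ("  * " with no text after "Non-maintainer upload."). It should say what changed in bin/reportbug, for example that the security or LTS team is added to CC for reports against security-update versions, and close the bug with "Closes: #878088".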
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reportbug-maint/attachments/20180124/fc49b67f/attachment-0001.sig>
