Debian Bug report logs - #660190
security-tracker: add per-maintainer page (with half-baked patch)

Package: security-tracker; Maintainer for security-tracker is Debian Security Tracker Team <debian-security-tracker@lists.debian.org>;

Reported by: Paul Wise <pabs@debian.org>

Date: Fri, 17 Feb 2012 10:09:06 UTC

Severity: wishlist

Tags: help

Merged with 507303



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#660190; Package security-tracker. (Fri, 17 Feb 2012 10:09:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Wise <pabs@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Fri, 17 Feb 2012 10:09:10 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Paul Wise <pabs@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: security-tracker: add per-maintainer page (with half-baked patch)
Date: Fri, 17 Feb 2012 17:36:00 +0800
[Message part 1 (text/plain, inline)]
Package: security-tracker
Severity: wishlist

The attached patch implements a first pass at a per-maintainer page of
security issues. It involves some database schema changes so it will
require a full reimport of all the data.

My SQL knowledge isn't great, so there are some deficiencies:

I'm not sure if adding another table is the right way to go, nor if
I used the right table name.

I'm not sure if the getBugsForMaintainer is correct, especially wrt
version numbers/releases/etc.

I am not sure how to implement a getDSAsForMaintainer function to add
DSAs related to the maintainer at the bottom of the page.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

[patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]

Forcibly Merged 507303 660190. Request was from Paul Wise <pabs@debian.org> to control@bugs.debian.org. (Fri, 17 Feb 2012 10:15:26 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#660190; Package security-tracker. (Mon, 12 Mar 2012 02:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Wise <pabs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Mon, 12 Mar 2012 02:06:03 GMT) Full text and rfc822 format available.

Message #12 received at 660190@bugs.debian.org (full text, mbox):

From: Paul Wise <pabs@debian.org>
To: 660190@bugs.debian.org
Subject: Re: security-tracker: add per-maintainer page (with half-baked patch)
Date: Mon, 12 Mar 2012 10:02:49 +0800
[Message part 1 (text/plain, inline)]
On Fri, 2012-02-17 at 17:36 +0800, Paul Wise wrote:

> The attached patch implements a first pass at a per-maintainer page of
> security issues. It involves some database schema changes so it will
> require a full reimport of all the data.

Does anyone have some time to review my patch?

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#660190; Package security-tracker. (Tue, 13 Mar 2012 01:21:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Tue, 13 Mar 2012 01:21:05 GMT) Full text and rfc822 format available.

Message #17 received at 660190@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 660190@bugs.debian.org, 660190-submitter@bugs.debian.org
Subject: Re: Bug#660190: security-tracker: add per-maintainer page (with half-baked patch)
Date: Mon, 12 Mar 2012 21:16:38 -0400
On Sun, Mar 11, 2012 at 10:02 PM, Paul Wise wrote:
> On Fri, 2012-02-17 at 17:36 +0800, Paul Wise wrote:
>
>> The attached patch implements a first pass at a per-maintainer page of
>> security issues. It involves some database schema changes so it will
>> require a full reimport of all the data.
>
> Does anyone have some time to review my patch?

At a cursory glance, this seems more complicated than it needs to be.
You're creating an "id" for each source package, but that is redundant
since the package name itself is a unique id.

All you should need is a table with only sourcepkg names and
maintainer fields.  Then when you process a view on (for example) a
maintainer page you can step through all sourcepkg names listed as
associated with that maintainer via that table.

Also, why is "c.execute("PRAGMA foreign_keys=ON")" necessary?

There is also a debugging print statement.

Best wishes,
Mike




Message sent on to Paul Wise <pabs@debian.org>:
Bug#660190. (Tue, 13 Mar 2012 01:21:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#660190; Package security-tracker. (Tue, 13 Mar 2012 02:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Wise <pabs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Tue, 13 Mar 2012 02:09:03 GMT) Full text and rfc822 format available.

Message #25 received at 660190@bugs.debian.org (full text, mbox):

From: Paul Wise <pabs@debian.org>
To: 660190@bugs.debian.org
Subject: Re: Bug#660190: security-tracker: add per-maintainer page (with half-baked patch)
Date: Tue, 13 Mar 2012 10:06:27 +0800
[Message part 1 (text/plain, inline)]
On Mon, 2012-03-12 at 21:16 -0400, Michael Gilbert wrote:

> Also, why is "c.execute("PRAGMA foreign_keys=ON")" necessary?

sqlite doesn't enforce foreign key constraints by default:

https://sqlite.org/foreignkeys.html#fk_enable

I'm using those to ensure maintainers are deleted when source packages
are deleted from the database.

> At a cursory glance, this seems more complicated than it needs to be.
> You're creating an "id" for each source package, but that is redundant
> since the package name itself is a unique id.
> 
> All you should need is a table with only sourcepkg names and
> maintainer fields.  Then when you process a view on (for example) a
> maintainer page you can step through all sourcepkg names listed as
> associated with that maintainer via that table.

The source package name is definitely not unique since there are
multiple suites that could have a line in the source package table.

I'm not sure if the foreign key stuff would work with non-numeric keys.

If a package gets removed from sid, we still want the issues present in
stable to be listed on the maintainer's page. Going with your suggestion
would mean that we would not know which maintainers to remove when a
package is deleted from one particular suite.

> There is also a debugging print statement.
> 
Removed in my local checkout.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
[signature.asc (application/pgp-signature, inline)]
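
The SQLite behaviour discussed in this message, as an added example that is not part of the thread or of the attached patch: an `ON DELETE CASCADE` rule on maintainer rows only takes effect on connections that have issued `PRAGMA foreign_keys=ON`. The table and column names are hypothetical, chosen to key each row on (source package name, release), and the rows are constructed sample data.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions for illustration,
# not the security tracker's real schema or the attached patch.
SCHEMA = """
CREATE TABLE source_packages (
    name TEXT NOT NULL, release TEXT NOT NULL,
    PRIMARY KEY (name, release)
);
CREATE TABLE package_maintainers (
    name TEXT NOT NULL, release TEXT NOT NULL, maintainer TEXT NOT NULL,
    FOREIGN KEY (name, release)
        REFERENCES source_packages (name, release) ON DELETE CASCADE
);
"""
# Constructed sample data: one source package present in two suites.
PACKAGES = [("examplepkg", "squeeze"), ("examplepkg", "sid")]
MAINTAINER = "Example Maintainer <maint@example.org>"


def delete_sid_row(enforce_foreign_keys):
    """Delete the sid row of the package; return (releases that still have
    maintainer rows, number of orphaned maintainer rows)."""
    conn = sqlite3.connect(":memory:")
    try:
        if enforce_foreign_keys:
            # Per-connection setting, issued before any transaction starts.
            conn.execute("PRAGMA foreign_keys=ON")
        conn.executescript(SCHEMA)
        conn.executemany("INSERT INTO source_packages VALUES (?, ?)", PACKAGES)
        conn.executemany("INSERT INTO package_maintainers VALUES (?, ?, ?)",
                         [(n, r, MAINTAINER) for n, r in PACKAGES])
        conn.execute("DELETE FROM source_packages WHERE name = ? AND release = ?",
                     ("examplepkg", "sid"))
        conn.commit()
        left = [row[0] for row in conn.execute(
            "SELECT release FROM package_maintainers ORDER BY release")]
        # foreign_key_check reports violating rows even when enforcement is off.
        orphans = len(conn.execute("PRAGMA foreign_key_check").fetchall())
        return left, orphans
    finally:
        conn.close()


if __name__ == "__main__":
    print("enforcement off:", delete_sid_row(False))
    print("enforcement on: ", delete_sid_row(True))
```

Without the pragma the sid maintainer row survives as an orphan; with it, only the squeeze row remains and the check reports no violations.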

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#660190; Package security-tracker. (Tue, 13 Mar 2012 03:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Tue, 13 Mar 2012 03:00:03 GMT) Full text and rfc822 format available.

Message #30 received at 660190@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 660190-submitter@bugs.debian.org, 660190@bugs.debian.org
Subject: Re: Bug#660190: security-tracker: add per-maintainer page (with half-baked patch)
Date: Mon, 12 Mar 2012 22:56:53 -0400
On Mon, Mar 12, 2012 at 10:06 PM, Paul Wise <pabs@debian.org> wrote:
> On Mon, 2012-03-12 at 21:16 -0400, Michael Gilbert wrote:
>
>> Also, why is "c.execute("PRAGMA foreign_keys=ON")" necessary?
>
> sqlite doesn't enforce foreign key constraints by default:
>
> https://sqlite.org/foreignkeys.html#fk_enable
>
> I'm using those to ensure maintainers are deleted when source packages
> are deleted from the database.

There is a removed_packages table that you can use to check whether
the package is currently in debian or not.

>> At a cursory glance, this seems more complicated than it needs to be.
>> You're creating an "id" for each source package, but that is redundant
>> since the package name itself is a unique id.
>>
>> All you should need is a table with only sourcepkg names and
>> maintainer fields.  Then when you process a view on (for example) a
>> maintainer page you can step through all sourcepkg names listed as
>> associated with that maintainer via that table.
>
> The source package name is definitely not unique since there are
> multiple suites that could have a line in the source package table.

It's still the same source package.  You could step through each suite
separately on the maintainer pages since yes they will each have
different sets of issues.

> I'm not sure if the foreign key stuff would work with non-numeric keys.

Foreign keys should not be necessary at all.

> If a package gets removed from sid, we still want the issues present in
> stable to be listed on the maintainer's page. Going with your suggestion
> would mean that we would not know which maintainers to remove when a
> package is deleted from one particular suite.

You could limit results by checking that the release is in a supported
release (squeeze,wheezy,sid).  All packages are considered in the
archive until they're not in any release.

But I really think you want a listing of issues per suite per maintainer.

Best wishes,
Mike




Message sent on to Paul Wise <pabs@debian.org>:
Bug#660190. (Tue, 13 Mar 2012 03:00:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#660190; Package security-tracker. (Sun, 18 Mar 2012 05:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Wise <pabs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Sun, 18 Mar 2012 05:36:03 GMT) Full text and rfc822 format available.

Message #38 received at 660190@bugs.debian.org (full text, mbox):

From: Paul Wise <pabs@debian.org>
To: 660190@bugs.debian.org
Subject: Re: Bug#660190: security-tracker: add per-maintainer page (with half-baked patch)
Date: Sun, 18 Mar 2012 13:32:16 +0800
[Message part 1 (text/plain, inline)]
On Mon, 2012-03-12 at 22:56 -0400, Michael Gilbert wrote:
> 
> There is a removed_packages table that you can use to check whether
> the package is currently in debian or not.

The foreign key stuff is not about whether or not the package is in
Debian, just about deleting maintainer information when packages are
removed from the database.

> It's still the same source package.  You could step through each suite
> separately on the maintainer pages since yes they will each have
> different sets of issues.

> You could limit results by checking that the release is in a supported
> release (squeeze,wheezy,sid).  All packages are considered in the
> archive until they're not in any release.
> 
> But I really think you want a listing of issues per suite per
> maintainer.

Feel free to update the patch to do that, I don't have any more time to
spend on this.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
[signature.asc (application/pgp-signature, inline)]

Added tag(s) help. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 24 Oct 2013 05:39:06 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 13:06:42 2014; Machine Name: buxtehude.debian.org
