Debian Bug report logs - #783491
security-tracker: document what needs to be done on releases and other archive changes

Package: security-tracker; Maintainer for security-tracker is Debian Security Tracker Team <debian-security-tracker@lists.debian.org>;

Reported by: Holger Levsen <holger@layer-acht.org>

Date: Mon, 27 Apr 2015 13:09:01 UTC

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Mon, 27 Apr 2015 13:09:06 GMT) (full text, mbox, link).

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
New Bug report received and forwarded. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Mon, 27 Apr 2015 13:09:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Holger Levsen <holger@layer-acht.org>
To: submit@bugs.debian.org
Subject: security-tracker: document what needs to be done on releases and other archive changes
Date: Mon, 27 Apr 2015 15:07:34 +0200
[Message part 1 (text/plain, inline)]
package: security-tracker
severity: wishlist

Hi,

3fa31ab2a22a7e6db606899ca3ee6cb45a7884d1 / svnr33868 is commit showing what 
needs to be done on upgrades, specifically these files need to be updated:

Makefile	 	# search for release-names
bin/tracker_data.py	# search for release-names
bin/tracker_service.py	# search for release-names and "-backports"
lib/python/debian_support.py	# search for release-names
lib/python/dist_config.py	# search for release-names
lib/python/security_db.py	# search for release-names

This should be documented in doc/README.releases. (And now I have this I'm 
pondering to just do and not file this bug... but that's 5 more minutes, 
so...)

And also rather obviously, this could (+should) be trimmed down by refactoring 
- or a rewrite ;-)


cheers,
	Holger

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Mon, 27 Apr 2015 17:42:09 GMT) (full text, mbox, link).

Acknowledgement sent to Francesco Poli <invernomuto@paranoici.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Mon, 27 Apr 2015 17:42:09 GMT) (full text, mbox, link).

Message #10 received at 783491@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org>
To: Holger Levsen <holger@layer-acht.org>, 783491@bugs.debian.org
Subject: Re: Bug#783491: security-tracker: document what needs to be done on releases and other archive changes
Date: Mon, 27 Apr 2015 19:38:34 +0200
[Message part 1 (text/plain, inline)]
On Mon, 27 Apr 2015 15:07:34 +0200 Holger Levsen wrote:

[...]
> 3fa31ab2a22a7e6db606899ca3ee6cb45a7884d1 / svnr33868 is commit showing what 
> needs to be done on upgrades

Hi Holger,
I am sorry to ask, but... is this commit supposed to be already live?

I am asking since I still see a tracker situation inconsistent with the
release of jessie.
For instance the testing [1] status page lists, among several other
vulnerabilities:

chromium-browser	CVE-2015-1237	high**	yes	fixed in testing-security

but the corresponding page [2] states that the security issue is fixed
in jessie (security), stretch, and sid.

[1] https://security-tracker.debian.org/tracker/status/release/testing
[2] https://security-tracker.debian.org/tracker/CVE-2015-1237

I am under the impression that the testing [1] status page is still
actually talking about jessie, rather than stretch...


-- 
 http://www.inventati.org/frx/
 fsck is a four letter word...
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Mon, 27 Apr 2015 18:03:05 GMT) (full text, mbox, link).

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Mon, 27 Apr 2015 18:03:05 GMT) (full text, mbox, link).

Message #15 received at 783491@bugs.debian.org (full text, mbox, reply):

From: Holger Levsen <holger@layer-acht.org>
To: Francesco Poli <invernomuto@paranoici.org>, 783491@bugs.debian.org
Subject: Re: Bug#783491: security-tracker: document what needs to be done on releases and other archive changes
Date: Mon, 27 Apr 2015 19:59:16 +0200
[Message part 1 (text/plain, inline)]
Hi Francesco,

On Montag, 27. April 2015, Francesco Poli wrote:
> > 3fa31ab2a22a7e6db606899ca3ee6cb45a7884d1 / svnr33868 is commit showing
> I am sorry to ask, but... is this commit supposed to be already live?

yes it is.
 
> I am asking since I still see a tracker situation inconsistent with the
> release of jessie.

I'd suggest to let this post-release situation resolve itself a bit (eg I also 
see inconsistencies on packages.qa.d.o and tracker.d.o), do some jessie 
installations or upgrades (+file bugs there if you encounter them), be happy 
about the release and look at again at the security-tracker in a day or two.


cheers,
	Holger

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Fri, 01 May 2015 09:24:05 GMT) (full text, mbox, link).

Acknowledgement sent to Francesco Poli <invernomuto@paranoici.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Fri, 01 May 2015 09:24:05 GMT) (full text, mbox, link).

Message #20 received at 783491@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org>
To: Holger Levsen <holger@layer-acht.org>, 783491@bugs.debian.org
Subject: Re: Bug#783491: security-tracker: document what needs to be done on releases and other archive changes
Date: Fri, 1 May 2015 11:20:26 +0200
[Message part 1 (text/plain, inline)]
On Mon, 27 Apr 2015 19:59:16 +0200 Holger Levsen wrote:

[..]
> On Montag, 27. April 2015, Francesco Poli wrote:
[...]
> > I am asking since I still see a tracker situation inconsistent with the
> > release of jessie.
> 
> I'd suggest to let this post-release situation resolve itself a bit (eg I also 
> see inconsistencies on packages.qa.d.o and tracker.d.o)
[...]
> and look at again at the security-tracker in a day or two.

The tracker situation still seems to be broken to me...


-- 
 http://www.inventati.org/frx/
 fsck is a four letter word...
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Mon, 04 May 2015 22:45:04 GMT) (full text, mbox, link).

Acknowledgement sent to Francesco Poli <invernomuto@paranoici.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Mon, 04 May 2015 22:45:05 GMT) (full text, mbox, link).

Message #25 received at 783491@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org>
To: Holger Levsen <holger@layer-acht.org>, 783491@bugs.debian.org
Subject: Re: Bug#783491: security-tracker: document what needs to be done on releases and other archive changes
Date: Tue, 5 May 2015 00:41:17 +0200
[Message part 1 (text/plain, inline)]
On Fri, 1 May 2015 11:20:26 +0200 Francesco Poli wrote:

[...]
> The tracker situation still seems to be broken to me...

Still broken...

-- 
 http://www.inventati.org/frx/
 There's not a second to lose! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Tue, 05 May 2015 04:51:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Tue, 05 May 2015 04:51:04 GMT) (full text, mbox, link).

Message #30 received at 783491@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Francesco Poli <invernomuto@paranoici.org>, 783491@bugs.debian.org
Cc: Holger Levsen <holger@layer-acht.org>
Subject: Re: Bug#783491: security-tracker: document what needs to be done on releases and other archive changes
Date: Tue, 5 May 2015 06:49:32 +0200
Hi

I think two more changes were actually needed to get the testing
status view show the correct information: r34072 and 34073.

https://security-tracker.debian.org/tracker/status/release/testing

should look better now.

Regards,
Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Tue, 05 May 2015 09:09:10 GMT) (full text, mbox, link).

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Tue, 05 May 2015 09:09:10 GMT) (full text, mbox, link).

Message #35 received at 783491@bugs.debian.org (full text, mbox, reply):

From: Holger Levsen <holger@layer-acht.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 783491@bugs.debian.org
Subject: Re: Bug#783491: security-tracker: document what needs to be done on releases and other archive changes
Date: Tue, 5 May 2015 11:04:38 +0200
[Message part 1 (text/plain, inline)]
Hi Salvatore,

On Dienstag, 5. Mai 2015, Salvatore Bonaccorso wrote:
> I think two more changes were actually needed to get the testing
> status view show the correct information: r34072 and 34073.

good catch, thanks!


cheers,
	Holger

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Tue, 05 May 2015 21:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Francesco Poli <invernomuto@paranoici.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Tue, 05 May 2015 21:33:04 GMT) (full text, mbox, link).

Message #40 received at 783491@bugs.debian.org (full text, mbox, reply):

From: Francesco Poli <invernomuto@paranoici.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 783491@bugs.debian.org, Holger Levsen <holger@layer-acht.org>
Subject: Re: Bug#783491: security-tracker: document what needs to be done on releases and other archive changes
Date: Tue, 5 May 2015 23:28:15 +0200
[Message part 1 (text/plain, inline)]
On Tue, 5 May 2015 06:49:32 +0200 Salvatore Bonaccorso wrote:

[...]
> https://security-tracker.debian.org/tracker/status/release/testing
> 
> should look better now.

Yes, it seems to be much more plausible!   ;-)

Thanks a lot.

-- 
 http://www.inventati.org/frx/
 There's not a second to lose! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Security Tracker Team <debian-security-tracker@lists.debian.org>:
Bug#783491; Package security-tracker. (Fri, 08 May 2015 17:15:08 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Security Tracker Team <debian-security-tracker@lists.debian.org>. (Fri, 08 May 2015 17:15:08 GMT) (full text, mbox, link).

Message #45 received at 783491@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 783491@bugs.debian.org
Subject: Re: Bug#783491: security-tracker: document what needs to be done on releases and other archive changes
Date: Fri, 8 May 2015 19:11:17 +0200
Hi all,

FTR/for documentation: I as well reverted a change to
bin/add-dsa-needed.sh since it otherwise looked as well at
oldoldstable and generated "wrong" suggestions for addition to
dsa-needed.txt. (r34131)

Reference is added as well in
https://wiki.debian.org/SuitesAndReposExtension#secure-testing

Regards,
Salvatore

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jan 11 03:50:48 2024; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.