#588064 Parse config file before option checking

Package:
debsecan
Source:
debsecan
Submitter:
Jörg Sommer
Date:
2026-02-26 12:33:04 UTC
Severity:
wishlist
Tags:
#588064#5
Date:
2010-07-04 13:02:48 UTC
From:
To:
Hi,

if debsecan reads the config file before it checks the validity of the
options, the suite option must not be set at command line, but its value
is read from the config file. This way I can add the option --only-fixed
to the call in the cron script, without the need to set the option
--suite.

diff --git a/debsecan b/debsecan
index 7ef7deb..dc45de7 100755
--- a/debsecan
+++ b/debsecan
@@ -353,6 +353,13 @@ def parse_cli():

     process_whitelist_options()

+    config = read_config(options.config)
+    if options.cron and not options.mailto:
+        options.mailto = config.get('MAILTO', '')
+        if options.mailto == '':
+            options.mailto = 'root'
+    options.suite = options.suite or config.get('SUITE', None)
+
     if options.cron:
         options.format = 'report'
         options.update_history = True
@@ -373,12 +380,6 @@ def parse_cli():
         sys.exit(1)
     options.need_history = options.format == 'report'

-    config = read_config(options.config)
-    if options.cron and not options.mailto:
-        options.mailto = config.get('MAILTO', '')
-        if options.mailto == '':
-            options.mailto = 'root'
-    options.suite = options.suite or config.get('SUITE', None)
     if options.suite == 'GENERIC':
         options.suite = None
     options.subject = config.get(

#588064#10
Date:
2026-02-26 12:31:18 UTC
From:
To:
Hi Florian,

since debsecan came up as a candidate for the bug of the day.
I have verified bugs tagged patch.  I left

   #470065 debsecan: Better report for backports
   #588064 Parse config file before option checking
   #725934 debsecan: automatically add apt pinning for packages with security issues

untouched (submitters of patches in CC) since the package is now several
versions ahead.  I would prefer if submitters could verify the patches
and possibly provide MRs.  For this purpose and to enable you checking
what exactly was NMUed I migrated the package to Salsa at

https://salsa.debian.org/debian/debsecan

If you do not agree with the Salsa migration please update your clone
that used to be at gitlab and I will cancel the upload - and for sure
let me know if you have other reasons for making me cancel the upload
to delayed=15.

Kind regards
    Andreas.