#783491 security-tracker: document what needs to be done on releases and other archive changes #783491
- Package:
- security-tracker
- Source:
- security-tracker
- Submitter:
- Holger Levsen
- Date:
- 2015-05-08 17:15:08 UTC
- Severity:
- wishlist
package: security-tracker severity: wishlist Hi, 3fa31ab2a22a7e6db606899ca3ee6cb45a7884d1 / svnr33868 is commit showing what needs to be done on upgrades, specifically these files need to be updated: Makefile # search for release-names bin/tracker_data.py # search for release-names bin/tracker_service.py # search for release-names and "-backports" lib/python/debian_support.py # search for release-names lib/python/dist_config.py # search for release-names lib/python/security_db.py # search for release-names This should be documented in doc/README.releases. (And now I have this I'm pondering to just do and not file this bug... but that's 5 more minutes, so...) And also rather obviously, this could (+should) be trimmed down by refactoring - or a rewrite ;-) cheers, Holger
On Mon, 27 Apr 2015 15:07:34 +0200 Holger Levsen wrote: [...] Hi Holger, I am sorry to ask, but... is this commit supposed to be already live? I am asking since I still see a tracker situation inconsistent with the release of jessie. For instance the testing [1] status page lists, among several other vulnerabilities: chromium-browser CVE-2015-1237 high** yes fixed in testing-security but the corresponding page [2] states that the security issue is fixed in jessie (security), stretch, and sid. [1] https://security-tracker.debian.org/tracker/status/release/testing [2] https://security-tracker.debian.org/tracker/CVE-2015-1237 I am under the impression that the testing [1] status page is still actually talking about jessie, rather than stretch...
Hi Francesco, yes it is. I'd suggest to let this post-release situation resolve itself a bit (eg I also see inconsistencies on packages.qa.d.o and tracker.d.o), do some jessie installations or upgrades (+file bugs there if you encounter them), be happy about the release and look at again at the security-tracker in a day or two. cheers, Holger
On Mon, 27 Apr 2015 19:59:16 +0200 Holger Levsen wrote: [..] [...] [...] The tracker situation still seems to be broken to me...
On Fri, 1 May 2015 11:20:26 +0200 Francesco Poli wrote: [...] Still broken...
Hi I think two more changes were actually needed to get the testing status view show the correct information: r34072 and 34073. https://security-tracker.debian.org/tracker/status/release/testing should look better now. Regards, Salvatore
Hi Salvatore, good catch, thanks! cheers, Holger
On Tue, 5 May 2015 06:49:32 +0200 Salvatore Bonaccorso wrote: [...] Yes, it seems to be much more plausible! ;-) Thanks a lot.
Hi all, FTR/for documentation: I as well reverted a change to bin/add-dsa-needed.sh since it otherwise looked as well at oldoldstable and generated "wrong" suggestions for addition to dsa-needed.txt. (r34131) Reference is added as well in https://wiki.debian.org/SuitesAndReposExtension#secure-testing Regards, Salvatore