[Secure-testing-commits] r32318 - / bin templates

Raphaël Hertzog hertzog at moszumanska.debian.org
Wed Feb 18 17:04:21 UTC 2015


Author: hertzog
Date: 2015-02-18 17:04:21 +0000 (Wed, 18 Feb 2015)
New Revision: 32318

Added:
   bin/contact-maintainers
   templates/
   templates/lts-no-dsa.txt
   templates/lts-update-planned.txt
Log:
Add a new helper script to contact package maintainers

For now I have only provided sample templates for the LTS team, but
everything is ready if the security team wants to use it too.

Added: bin/contact-maintainers
===================================================================
--- bin/contact-maintainers	                        (rev 0)
+++ bin/contact-maintainers	2015-02-18 17:04:21 UTC (rev 32318)
@@ -0,0 +1,83 @@
+#!/usr/bin/python
+
+import argparse
+import os
+import pwd
+import subprocess
+import tempfile
+
+from jinja2 import Template
+
+
+def get_full_name():
+    full_name = os.getenv('DEBFULLNAME')
+    if full_name:
+        return full_name.decode('utf-8')
+    return pwd.getpwuid(os.getuid()).pw_gecos.split(',')[0].decode('utf-8')
+
+
+def get_source_field(pkg, name):
+    # XXX: retrieve data in a more reliable way
+    cmd = 'apt-cache showsrc {}|grep ^{}:|tail -n 1'.format(
+        pkg, name.capitalize())
+    output = subprocess.check_output(cmd, shell=True).strip()
+    if output:
+        return output.decode('utf-8').split(': ')[1]
+    return ''
+
+
+def get_maintainer(pkg):
+    return get_source_field(pkg, 'Maintainer')
+
+
+def get_uploaders(pkg):
+    return get_source_field(pkg, 'Uploaders')
+
+
+# Parse command line
+parser = argparse.ArgumentParser(
+    description='Get in touch with package maintainers')
+parser.add_argument('--lts', action='store_true',
+                    help='Act as a member of the LTS team')
+parser.add_argument('--no-dsa', dest='no_dsa', action='store_true',
+                    help='Act as a member of the LTS team')
+parser.add_argument('--mailer', action='store', default='mutt -H {}',
+                    help='Command executed. Must contain {} to be replaced '
+                    'by the filename of the draft contact mail')
+parser.add_argument('package')
+parser.add_argument('cve', nargs='*')
+args = parser.parse_args()
+
+cc = 'debian-lts at lists.debian.org' if args.lts else 'team at security.debian.org'
+team = 'lts' if args.lts else 'sec'
+model = 'no-dsa' if args.no_dsa else 'update-planned'
+template_file = 'templates/{}-{}.txt'.format(team, model)
+
+# Generate the context
+
+# XXX: Once that 761859 is fixed, improve the logic here to:
+# - retrieve the current list of CVE dynamically
+# - check whether we should use the no-dsa variant of the template
+# - check whether we have an open bug report, in which case we should
+#   include it in the recipients of the mail
+
+context = {
+    'package': args.package,
+    'sender': get_full_name(),
+    'cve': args.cve,
+    'to': get_maintainer(args.package),
+    'cc': cc,
+    'uploaders': get_uploaders(args.package),
+}
+
+# Generate the mail
+with open(template_file) as f:
+    template = Template(f.read().decode('utf-8'))
+
+fd, filename = tempfile.mkstemp(prefix='contact-maintainers', suffix='.txt')
+draft = os.fdopen(fd, 'w')
+draft.write(template.render(context).encode('utf-8'))
+draft.close()
+
+os.system(args.mailer.format(filename))
+os.unlink(filename)
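
Review bot: in get_source_field() the command passed to subprocess.check_output(cmd, shell=True) is built by formatting pkg straight from the command line, so shell metacharacters in the package argument are interpreted by the shell. Suggest calling subprocess.check_output(['apt-cache', 'showsrc', pkg]) without shell=True and selecting the last matching field line in Python, which is also in line with the XXX comment about retrieving the data more reliably. The final os.system(args.mailer.format(filename)) has the same shape and could go through shlex.split() and subprocess.call(). Two smaller points: the help text for --no-dsa repeats 'Act as a member of the LTS team' from --lts and should describe the no-dsa template instead, and without --lts the script opens templates/sec-*.txt, which this commit does not add, so open(template_file) fails for the security team until those templates exist.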


Property changes on: bin/contact-maintainers
___________________________________________________________________
Added: svn:executable
   + *

Added: templates/lts-no-dsa.txt
===================================================================
--- templates/lts-no-dsa.txt	                        (rev 0)
+++ templates/lts-no-dsa.txt	2015-02-18 17:04:21 UTC (rev 32318)
@@ -0,0 +1,41 @@
+To: {{ to }}
+Cc: {{ cc }}
+Subject: About the security issues affecting {{ package }} in Squeeze
+
+# XXX: Decide whether you want to put some of those persons in copy and
+# then drop this comment
+# Uploaders: {{ uploaders}}
+
+Hello dear maintainer(s),
+
+the Debian LTS team recently reviewed the security issue(s) affecting your
+package in Squeeze:
+{%- if cve -%}
+{% for entry in cve %}
+https://security-tracker.debian.org/tracker/{{ entry }}
+{%- endfor -%}
+{%- else %}
+https://security-tracker.debian.org/tracker/source-package/{{ package }}
+{%- endif %}
+
+We decided that we would not prepare a squeeze security update (usually
+because the security impact is low and that we concentrate our limited
+resources on higher severity issues and on the most widely used packages).
+That said the squeeze users would most certainly benefit from a fixed
+package.
+
+If you want to work on such an update, you're welcome to do so. Please
+try to follow the workflow we have defined here:
+http://wiki.debian.org/LTS/Development
+
+If that workflow is a burden to you, feel free to just prepare an
+updated source package and send it to debian-lts at lists.debian.org
+(via a debdiff, or with an URL pointing to the the source package,
+or even with a pointer to your packaging repository), and the members
+of the LTS team will take care of the rest. However please make sure to
+submit a tested package.
+
+Thank you very much.
+
+{{ sender }},
+  on behalf of the Debian LTS team.
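
Review bot: typo in the paragraph starting "If that workflow is a burden to you": "with an URL pointing to the the source package" has a doubled "the". Please fix it here before the text gets mailed to maintainers. While there, "# Uploaders: {{ uploaders}}" is missing the space before the closing braces that every other placeholder in the file has, and the sentence "because the security impact is low and that we concentrate" reads better as "and we concentrate".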

Added: templates/lts-update-planned.txt
===================================================================
--- templates/lts-update-planned.txt	                        (rev 0)
+++ templates/lts-update-planned.txt	2015-02-18 17:04:21 UTC (rev 32318)
@@ -0,0 +1,45 @@
+To: {{ to }}
+Cc: {{ cc }}
+Subject: squeeze update of {{ package }}?
+
+# XXX: Decide whether you want to put some of those persons in copy and
+# then drop this comment
+# Uploaders: {{ uploaders}}
+
+Hello dear maintainer(s),
+
+the Debian LTS team would like to fix the security issues which are
+currently open in the Squeeze version of your package:
+{%- if cve -%}
+{% for entry in cve %}
+https://security-tracker.debian.org/tracker/{{ entry }}
+{%- endfor -%}
+{%- else %}
+https://security-tracker.debian.org/tracker/source-package/{{ package }}
+{%- endif %}
+
+Would you like to take care of this yourself?
+
+If yes, please follow the workflow we have defined here:
+http://wiki.debian.org/LTS/Development
+
+If that workflow is a burden to you, feel free to just prepare an
+updated source package and send it to debian-lts at lists.debian.org
+(via a debdiff, or with an URL pointing to the the source package,
+or even with a pointer to your packaging repository), and the members
+of the LTS team will take care of the rest. Indicate clearly whether you
+have tested the updated package or not.
+
+If you don't want to take care of this update, it's not a problem, we
+will do our best with your package. Just let us know whether you would
+like to review and/or test the updated package before it gets released.
+
+Thank you very much.
+
+{{ sender }},
+  on behalf of the Debian LTS team.
+
+PS: A member of the LTS team might start working on this update at
+any point in time. You can verify whether someone is registered
+on this update in this file:
+https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
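
Review bot: the three "# XXX" lines sit after the blank line that ends the To/Cc/Subject headers, so they are part of the message body and go out to the maintainer unless the sender deletes them by hand in the mailer. Suggest making the reminder harder to miss (for example a line the script refuses to send, or a check after the mailer exits) or dropping it from the body and printing the uploaders on the terminal instead. The subject uses "squeeze" while the body says "Squeeze version", and the "the the source package" typo from the no-dsa template is repeated here; the shared paragraphs would be easier to keep in sync from a single common file.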



