[Git][security-tracker-team/security-tracker][master] 2 commits: bin/contact-maintainers: Provide mail template for LTS updates of minor issues.

Salvatore Bonaccorso carnil at debian.org
Fri Aug 30 14:29:07 BST 2019

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

187f7774 by Mike Gabriel at 2019-08-30T10:40:46Z
bin/contact-maintainers: Provide mail template for LTS updates of minor issues.

 As the LTS team also sometimes works on packages with only <no-dsa>
 issues open, it might be good to also inform package maintainers about

 This adds an ltsp-update-planned-minor.txt mail template plus a command
 line option (--minor) that LTS front desk people can use if they choose
 to add a package to dla-needed.txt with <no-dsa> issues only.

- - - - -
dd7c30ed by Salvatore Bonaccorso at 2019-08-30T13:28:54Z
Merge branch 'sunweaver/security-tracker-mr/contact-maintainer-minor-issue-updates'

- - - - -

2 changed files:

- bin/contact-maintainers
- + templates/lts-update-planned-minor.txt


@@ -73,6 +73,8 @@ parser.add_argument('--lts', action='store_true',
                     help='Act as a member of the LTS team')
 parser.add_argument('--no-dsa', dest='no_dsa', action='store_true',
                     help='Say that issues are low severity (no need for DSA/DLA)')
+parser.add_argument('--minor', dest='minor_issues', action='store_true',
+                    help='Say that issues are low severity and someone will work on them (LTS team only)')
 parser.add_argument('--mailer', action='store', default='mutt -H {}',
                     help='Command executed. Must contain {} to be replaced '
                     'by the filename of the draft contact mail')
@@ -83,7 +85,8 @@ args = parser.parse_args()
 cc = 'debian-lts at lists.debian.org' if args.lts else 'team at security.debian.org'
 team = 'lts' if args.lts else 'sec'
 model = 'no-dsa' if args.no_dsa else 'update-planned'
-template_file = 'templates/{}-{}.txt'.format(team, model)
+minor = '-minor' if args.minor_issues and args.lts else ''
+template_file = 'templates/{}-{}{}.txt'.format(team, model, minor)
 # Basic check
 instructions = "packages/{}.txt".format(args.package)

@@ -0,0 +1,40 @@
+Content-Type: text/plain; charset=utf-8
+To: {{ to }}
+Cc: {{ cc }}
+Subject: Jessie update of {{ package }} (minor security issues)?
+The Debian LTS team recently reviewed the security issue(s) affecting your
+package in Jessie:
+{%- if cve -%}
+{% for entry in cve %}
+https://security-tracker.debian.org/tracker/{{ entry }}
+{%- endfor -%}
+{%- else %}
+https://security-tracker.debian.org/tracker/source-package/{{ package }}
+{%- endif %}
+We decided that a member of the LTS team should take a look at this
+package, although the security impact of still open issues is low. When
+resources are available on our side, one of the LTS team members will
+start working on fixes for those minor security issues, as we think that
+the jessie users would most certainly benefit from a fixed package.
+If you'd rather want to work on such an update yourself, you're welcome
+to do so. Please send us a short notification to the debian-lts mailing
+list (debian-lts at lists.debian.org), expressing your intention to work on
+issues yourself. Otherwise, no action is required from your side.
+When working on issues, please try to follow the workflow we have defined
+here: https://wiki.debian.org/LTS/Development
+If that workflow is a burden to you, feel free to just prepare an
+updated source package and send it to debian-lts at lists.debian.org (via a
+debdiff, or with an URL pointing to the source package, or even with a
+pointer to your packaging repository), and the members of the LTS team
+will take care of the rest. However please make sure to submit a tested
+Thank you very much.
+{{ sender }},
+  on behalf of the Debian LTS team.

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e8b42ec2350d3fb1ab2e7efd22e7ea891a1c572a...dd7c30edac0cef176af351af019030fff0edf34a

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e8b42ec2350d3fb1ab2e7efd22e7ea891a1c572a...dd7c30edac0cef176af351af019030fff0edf34a
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190830/40b376ed/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list