[Git][security-tracker-team/security-tracker][master] 11 commits: add-dsa-needed: Only list packages for stable for dsa-needed list

Salvatore Bonaccorso carnil at debian.org
Sun Jul 5 19:41:28 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2372677a by Salvatore Bonaccorso at 2020-06-20T13:38:25+02:00
add-dsa-needed: Only list packages for stable for dsa-needed list

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
44135a78 by Salvatore Bonaccorso at 2020-06-20T13:38:25+02:00
DLA template: Switch to mention stretch as the LTS release

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
51f2d42c by Salvatore Bonaccorso at 2020-06-20T13:38:25+02:00
DSA template: Do not mention the oldstable distribution

Support by Debian security team for stretch/oldstable is moving to the
LTS team and no further updates are issued for stretch/oldstable via a
DSA.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
980d45db by Salvatore Bonaccorso at 2020-06-20T13:40:08+02:00
security-team overview: Do not mention stretch-security anymore

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
c19c9177 by Salvatore Bonaccorso at 2020-06-20T13:43:16+02:00
config.json: Reduce list of supported architectures for stretch under LTS support

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
345d6e15 by Salvatore Bonaccorso at 2020-06-20T14:00:43+02:00
config.json: Drop jessie as supported releases

This moves effectively stretch to the LTS team via the supported
releases moving.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
d970a44e by Salvatore Bonaccorso at 2020-06-20T14:00:43+02:00
distributions.json: Move support of stretch to LTS team

distributions.json is used by reportbug to decide where to redirect
potential regression reports. Move support for stretch to the LTS team.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
09421fb3 by Salvatore Bonaccorso at 2020-06-20T14:00:43+02:00
distributions.json: Drop contact information for jessie

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
ff77abe7 by Salvatore Bonaccorso at 2020-06-20T14:00:43+02:00
LTS templates: Replace use of Jessie with Stretch

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
c9c09cbb by Salvatore Bonaccorso at 2020-06-20T14:01:42+02:00
LTS: When checking for missing lts uploads use stretch sources

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
20dccf36 by Salvatore Bonaccorso at 2020-07-05T18:41:24+00:00
Merge branch 'end-of-life-security-support-stretch' into 'master'

Update security-tracker data for end of life of regular security support for stretch

See merge request security-tracker-team/security-tracker!55
- - - - -


10 changed files:

- bin/add-dsa-needed.sh
- bin/lts-missing-uploads.py
- data/config.json
- doc/DLA.template
- doc/DSA.template
- doc/security-team.d.o/index
- static/distributions.json
- templates/lts-no-dsa.txt
- templates/lts-update-planned-minor.txt
- templates/lts-update-planned.txt


Changes:

=====================================
bin/add-dsa-needed.sh
=====================================
@@ -20,7 +20,7 @@
 
 set -eu
 
-include_oldstable=true
+include_oldstable=false
 turl="https://security-tracker.debian.org/tracker/status/release"
 
 [ -f data/dsa-needed.txt ] || {


=====================================
bin/lts-missing-uploads.py
=====================================
@@ -28,7 +28,7 @@ from debian.debian_support import Version
 
 class LTSMissingUploads(object):
     MONTHS = 6
-    SOURCES = 'http://security.debian.org/dists/jessie/updates/main/source/Sources.gz'
+    SOURCES = 'http://security.debian.org/dists/stretch/updates/main/source/Sources.gz'
 
     re_line = re.compile(
         r'(?P<suffix>msg\d+.html).*\[DLA (?P<dla>[\d-]+)\] (?P<source>[^\s]+) security update.*'


=====================================
data/config.json
=====================================
@@ -58,9 +58,7 @@
         "optional": [
           "jessie-proposed-updates"
         ]
-      },
-      "architectures": [ "amd64", "armel", "armhf", "i386" ],
-      "release": "oldoldstable"
+      }
     },
     "stretch": {
       "members": {
@@ -72,7 +70,7 @@
           "stretch-proposed-updates"
         ]
       },
-      "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips", "mips64el", "mipsel", "ppc64el", "s390x" ],
+      "architectures": [ "amd64", "arm64", "armel", "armhf", "i386" ],
       "release": "oldstable"
     },
     "buster": {


=====================================
doc/DLA.template
=====================================
@@ -3,15 +3,15 @@ To: debian-lts-announce at lists.debian.org
 Subject: [SECURITY] [DLA $DLAID] $PACKAGE security update
 
 Package        : $PACKAGE
-Version        : $jessie_VERSION
+Version        : $stretch_VERSION
 CVE ID         : $CVE
 Debian Bug     : $BUGNUM
 
 
 $TEXT
 
-For Debian 8 "Jessie", this problem has been fixed in version
-$jessie_VERSION.
+For Debian 9 "Stretch", this problem has been fixed in version
+$stretch_VERSION.
 
 We recommend that you upgrade your $PACKAGE packages.
 


=====================================
doc/DSA.template
=====================================
@@ -14,9 +14,6 @@ Debian Bug     : $BUGNUM
 
 $TEXT
 
-For the oldstable distribution ($OLDSTABLE), this problem has been fixed
-in version $$OLDSTABLE_VERSION.
-
 For the stable distribution ($STABLE), this problem has been fixed in
 version $$STABLE_VERSION.
 


=====================================
doc/security-team.d.o/index
=====================================
@@ -1,11 +1,9 @@
 <table style="margin: 0 auto 0 auto;width: 100%;text-align:center;">
 	<tbody>
-            <tr><th>Stretch 9</th><th>Buster 10</th><th>Bullseye 11</th><th>Sid</th></tr>
-            <tr><th>stretch-security</th><th>buster-security</th><th>testing</th><th>unstable</th></tr>
+            <tr><th>Buster 10</th><th>Bullseye 11</th><th>Sid</th></tr>
+            <tr><th>buster-security</th><th>testing</th><th>unstable</th></tr>
 	<tr>
 	<td valign="top">
-		<a href="https://security-tracker.debian.org/tracker/status/release/oldstable">Vulnerable Packages</a><br\>
-	</td><td valign="top">
 		<a href="https://security-tracker.debian.org/tracker/status/release/stable">Vulnerable Packages</a><br\>
 	</td><td valign="top">
 		<a href="https://security-tracker.debian.org/tracker/status/release/testing">Vulnerable Packages</a><br\>
@@ -13,8 +11,6 @@
 		<a href="https://security-tracker.debian.org/tracker/status/release/unstable">Vulnerable Packages</a><br\>
 	</td></tr>
 	<tr><td valign="top">
-                <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-oldstable-point-update.txt">Next point update</a><br\>
-	</td><td valign="top">
                 <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-point-update.txt">Next point update</a><br\>
 	</td><td valign="top">
 		Next point update<br\>


=====================================
static/distributions.json
=====================================
@@ -6,13 +6,13 @@
   },
   "jessie": {
     "major-version": "8",
-    "support": "lts",
-    "contact": "debian-lts at lists.debian.org"
+    "support": "none",
+    "contact": ""
   },
   "stretch": {
     "major-version": "9",
-    "support": "security",
-    "contact": "team at security.debian.org"
+    "support": "lts",
+    "contact": "debian-lts at lists.debian.org"
   },
   "buster": {
     "major-version": "10",


=====================================
templates/lts-no-dsa.txt
=====================================
@@ -1,12 +1,12 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: About the security issues affecting {{ package }} in Jessie
+Subject: About the security issues affecting {{ package }} in Stretch
 
 Dear maintainer(s),
 
 The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Jessie:
+package in Stretch:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}
@@ -15,10 +15,10 @@ https://security-tracker.debian.org/tracker/{{ entry }}
 https://security-tracker.debian.org/tracker/source-package/{{ package }}
 {%- endif %}
 
-We decided that we would not prepare a jessie security update (usually
+We decided that we would not prepare a stretch security update (usually
 because the security impact is low and that we concentrate our limited
 resources on higher severity issues and on the most widely used packages).
-That said the jessie users would most certainly benefit from a fixed
+That said the stretch users would most certainly benefit from a fixed
 package.
 
 If you want to work on such an update, you're welcome to do so. Please


=====================================
templates/lts-update-planned-minor.txt
=====================================
@@ -1,10 +1,10 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: Jessie update of {{ package }} (minor security issues)?
+Subject: Stretch update of {{ package }} (minor security issues)?
 
 The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Jessie:
+package in Stretch:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}
@@ -17,7 +17,7 @@ We decided that a member of the LTS team should take a look at this
 package, although the security impact of still open issues is low. When
 resources are available on our side, one of the LTS team members will
 start working on fixes for those minor security issues, as we think that
-the jessie users would most certainly benefit from a fixed package.
+the stretch users would most certainly benefit from a fixed package.
 
 If you'd rather want to work on such an update yourself, you're welcome
 to do so. Please send us a short notification to the debian-lts mailing


=====================================
templates/lts-update-planned.txt
=====================================
@@ -1,12 +1,12 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: Jessie update of {{ package }}?
+Subject: Stretch update of {{ package }}?
 
 Dear maintainer(s),
 
 The Debian LTS team would like to fix the security issues which are
-currently open in the Jessie version of {{ package }}:
+currently open in the Stretch version of {{ package }}:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e722641541cd995a8c8464cd85bf38a419e9fdb...20dccf36dca1b7cc39e28c476d913d64008ab77a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e722641541cd995a8c8464cd85bf38a419e9fdb...20dccf36dca1b7cc39e28c476d913d64008ab77a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200705/52df16eb/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list