[Git][security-tracker-team/security-tracker][master] lts-cve-triage: factor out dla-needed checks for clarity and robustness
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Tue Aug 12 10:27:54 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1bae6179 by Sylvain Beucler at 2025-08-12T11:26:03+02:00
lts-cve-triage: factor out dla-needed checks for clarity and robustness
- - - - -
1 changed file:
- bin/lts-cve-triage.py
Changes:
=====================================
bin/lts-cve-triage.py
=====================================
@@ -127,6 +127,9 @@ def add_to_list(key, pkg, issue):
for pkg in tracker.iterate_packages():
+ if pkg in tracker.dla_needed:
+ # Issues already triaged
+ continue
for issue in tracker.iterate_pkg_issues(pkg):
status_in_lts = issue.get_status(RELEASES['lts'])
status_in_next_lts = issue.get_status(RELEASES['next_lts'])
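Review bot: The early `continue` added at the top of the `for pkg in tracker.iterate_packages()` loop is broader than the per-condition `pkg not in tracker.dla_needed` checks it replaces, so this is a behaviour change and not only a refactor. In the old code `add_to_list('triage_end_of_life', pkg, issue)` (context of the -146 hunk) ran before the `if pkg not in tracker.dla_needed:` guard, and the `unexpected_nodsa` branch (context of the -176 hunk) shows no dla-needed condition. Both reports, and anything else in the loop body outside these hunks, are now suppressed for every package listed in dla-needed. If that is intended, the comment should say so, e.g. `# Package is in dla-needed: skip all reports for it, including end-of-life and unexpected no-dsa`; otherwise keep the guard only on the branches that had it. Indentation is lost on this page, so the nesting is inferred from line order.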
@@ -134,8 +137,7 @@ for pkg in tracker.iterate_packages():
if ((status_in_lts.status == 'resolved' and status_in_lts.reason != 'fixed in 0' and status_in_lts.urgency != 'unimportant')
and (status_in_next_lts.status not in ('resolved', 'not-affected')
and (status_in_next_lts.status != 'ignored' or issue.data['releases'].get(RELEASES['next_lts'], {}).get('nodsa_reason', 'ignored') != 'ignored'))
- and issue.name not in pu_expected
- and pkg not in tracker.dla_needed):
+ and issue.name not in pu_expected):
add_to_list('to_forward', pkg, issue)
if status_in_lts.status in ('not-affected', 'resolved'):
@@ -146,29 +148,25 @@ for pkg in tracker.iterate_packages():
add_to_list('triage_end_of_life', pkg, issue)
continue
- if pkg not in tracker.dla_needed: # Issues not triaged yet
-
- # package issues in LTS that still need being triaged
-
- if re.fullmatch(limited_re, pkg):
- add_to_list('triage_limited_support', pkg, issue)
- continue
-
- if status_in_next_lts.status == 'open':
- if (pkg in tracker.dsa_needed or
- pkg+'/stable' in tracker.dsa_needed or
- pkg+'/oldstable' in tracker.dsa_needed):
- add_to_list('triage_already_in_dsa_needed', pkg, issue)
- else:
- add_to_list('triage_other_not_triaged_in_next_lts',
- pkg, issue)
- elif (status_in_next_lts.status == 'ignored' and
- status_in_next_lts.reason == 'no-dsa'):
- add_to_list('triage_likely_nodsa', pkg, issue)
- elif status_in_next_lts.status == 'resolved':
- add_to_list('triage_possible_easy_fixes', pkg, issue)
+ if re.fullmatch(limited_re, pkg):
+ add_to_list('triage_limited_support', pkg, issue)
+ continue
+
+ if status_in_next_lts.status == 'open':
+ if (pkg in tracker.dsa_needed or
+ pkg+'/stable' in tracker.dsa_needed or
+ pkg+'/oldstable' in tracker.dsa_needed):
+ add_to_list('triage_already_in_dsa_needed', pkg, issue)
else:
- add_to_list('triage_other', pkg, issue)
+ add_to_list('triage_other_not_triaged_in_next_lts',
+ pkg, issue)
+ elif (status_in_next_lts.status == 'ignored' and
+ status_in_next_lts.reason == 'no-dsa'):
+ add_to_list('triage_likely_nodsa', pkg, issue)
+ elif status_in_next_lts.status == 'resolved':
+ add_to_list('triage_possible_easy_fixes', pkg, issue)
+ else:
+ add_to_list('triage_other', pkg, issue)
# status=='ignored': <no-dsa>/<postponed>/<ignored>/<unimportant>/<undetermined>
elif status_in_lts.status == 'ignored':
@@ -176,8 +174,7 @@ for pkg in tracker.iterate_packages():
status_in_next_lts.status == 'open'):
add_to_list('unexpected_nodsa', pkg, issue)
elif (status_in_lts.reason == 'no-dsa' and
- status_in_next_lts.status == 'resolved' and
- pkg not in tracker.dla_needed):
+ status_in_next_lts.status == 'resolved'):
# include fixes from DSA or stable/oldstable point releases
# exclude issues explicitly ignored, and old fixes back in unstable
nodsa_reason = issue.data['releases'][RELEASES['lts']]['nodsa_reason']
@@ -195,6 +192,9 @@ tracker_elts = TrackerData(update_cache=not args.skip_cache_update,
id="elts_tracker")
for pkg in tracker_elts.iterate_packages():
+ if pkg in tracker.dla_needed:
+ # Issues already triaged
+ continue
for issue in tracker_elts.iterate_pkg_issues(pkg):
status_in_lts = issue.get_status(RELEASES['lts'])
status_in_next_lts = issue.get_status(RELEASES['next_lts'])
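Review bot: The guard in the ELTS loop tests `tracker.dla_needed` while the loop iterates `tracker_elts`, which reads like a copy-paste slip even though the condition removed in the -203 hunk used the same object. A comment naming the source would make the cross-tracker lookup explicit, e.g. `# Listed in the LTS tracker's dla-needed: already triaged for LTS`. The loop body continues outside this hunk, so any other check it contains is now also skipped for those packages.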
@@ -203,8 +203,7 @@ for pkg in tracker_elts.iterate_packages():
if (status_in_elts.status == 'resolved' and status_in_elts.reason != 'fixed in 0'
and status_in_next_lts.status == 'resolved'
and status_in_lts.status not in ('resolved', 'not-affected')
- and status_in_lts.urgency != 'unimportant'
- and pkg not in tracker.dla_needed):
+ and status_in_lts.urgency != 'unimportant'):
add_to_list('from_elts', pkg, issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bae617930ea2c558a0595edfd7bf86f0bad1fa0