[Git][security-tracker-team/security-tracker][master] lts: drop bin/contact-maintainers and templates
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Fri Jun 12 07:53:26 BST 2026
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4396fe35 by Sylvain Beucler at 2026-06-12T08:52:33+02:00
lts: drop bin/contact-maintainers and templates
Following the conversation at:
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/297#note_763889
We noticed that:
- bin/contact-maintainers dates from the first years of LTS back in 2015
- we used to contact maintainers about planned LTS uploads but now
it's mostly the other way around
- the templates' wording is obsolete
- the Security Team didn't use it
- we have no evidence that LTS contributors used it during the past
few years
Consequently we're dropping this.
If you actually use this, please reach out to debian-lts at l.d.o.
- - - - -
4 changed files:
- − bin/contact-maintainers
- − templates/lts-no-dsa.txt
- − templates/lts-update-planned-minor.txt
- − templates/lts-update-planned.txt
Changes:
=====================================
bin/contact-maintainers deleted
=====================================
@@ -1,159 +0,0 @@
-#!/usr/bin/env python3
-
-import argparse
-import os
-import pwd
-import re
-import sys
-import tempfile
-import urllib
-import warnings
-
-from jinja2 import Template
-
-
-def get_full_name():
- full_name = os.getenv("DEBFULLNAME")
- if full_name:
- return full_name
- return pwd.getpwuid(os.getuid()).pw_gecos.split(",")[0]
-
-
-try:
- import rdflib
-except ImportError:
- warnings.warn("python-rdflib not installed; will fall back to PTS email address")
-
- def get_maintainers(pkg):
- return u"{}@packages.debian.org".format(pkg)
-else:
- def get_maintainers(pkg):
-
- # RDF object and predicate references used on PTS
- project = rdflib.term.URIRef(
- u"http://packages.qa.debian.org/{}#project".format(pkg)
- )
- has_contributor = rdflib.term.URIRef(u"http://schema.org/contributor")
- is_named = rdflib.term.URIRef(u"http://xmlns.com/foaf/0.1/name")
- is_same_as = rdflib.term.URIRef(u"http://www.w3.org/2002/07/owl#sameAs")
-
- maint = []
-
- graph = rdflib.Graph()
- try:
- graph.parse(
- "https://packages.qa.debian.org/{}/{}.rdf".format(
- re.match("((?:lib)?.)", pkg).group(1), pkg
- )
- )
- except urllib.error.HTTPError as exc:
- if exc.code == 404:
- raise ValueError("unknown package '{}'".format(pkg))
- raise
- for contrib in graph[project:has_contributor]:
- names = [n for n in graph[contrib:is_named]]
- addresses = [
- urllib.parse.unquote(m.group(1))
- for m in map(
- re.compile(
- r"http://webid\.debian\.net/maintainers/(.*)#agent$"
- ).match,
- graph[contrib:is_same_as],
- )
- if m
- ]
- if not names or not addresses:
- warnings.warn("found contributor missing name and/or address")
- continue
- address = addresses[0]
- if "@" not in address:
- address += "@debian.org"
- maint.append(u'"{}" <{}>'.format(names[0], address))
-
- return u", ".join(maint)
-
-# Parse command line
-parser = argparse.ArgumentParser(description="Get in touch with package maintainers")
-parser.add_argument("--force", action="store_true", help="Ignore safety checks")
-parser.add_argument(
- "--lts", action="store_true", help="Act as a member of the LTS team"
-)
-parser.add_argument(
- "--no-dsa",
- dest="no_dsa",
- action="store_true",
- help="Say that issues are low severity (no need for DSA/DLA)",
-)
-parser.add_argument(
- "--minor",
- dest="minor_issues",
- action="store_true",
- help="Say that issues are low severity and someone will work on them (LTS team only)",
-)
-parser.add_argument(
- "--mailer",
- action="store",
- default="mutt -H {}",
- help="Command executed. Must contain {} to be replaced "
- "by the filename of the draft contact mail",
-)
-parser.add_argument("package")
-parser.add_argument("cve", nargs="*")
-args = parser.parse_args()
-
-cc = "debian-lts at lists.debian.org" if args.lts else "team at security.debian.org"
-team = "lts" if args.lts else "sec"
-model = "no-dsa" if args.no_dsa else "update-planned"
-minor = "-minor" if args.minor_issues and args.lts else ""
-template_file = "templates/{}-{}{}.txt".format(team, model, minor)
-
-# Basic check
-instructions = "packages/{}.txt".format(args.package)
-if os.path.exists(instructions) and not args.force:
- print("Have a look at {}".format(instructions))
- print("If you still want to run this script, run it with --force.")
- sys.exit(1)
-
-# Check if we should contact maintainers
-dontcall = "data/packages/lts-do-not-call"
-if args.lts and not args.force:
- with open(dontcall) as f:
- for line in f:
- if line[0] == "#":
- continue
- if not line.strip():
- continue
- if line.split()[0] == args.package:
- print("Maintainer(s) may not be contacted for LTS issues.")
- print("Reason: {}".format(" ".join(line.split()[1:])))
- print("If you still want to run this script, run it with --force.")
- sys.exit(1)
-
-# Generate the context
-
-# XXX: Once that 761859 is fixed, improve the logic here to:
-# - retrieve the current list of CVE dynamically
-# - check whether we should use the no-dsa variant of the template
-# - check whether we have an open bug report, in which case we should
-# include it in the recipients of the mail
-
-context = {
- "package": args.package,
- "sender": get_full_name(),
- "cve": args.cve,
- "to": get_maintainers(args.package),
- "cc": cc,
- "uploaders": "",
-}
-
-# Generate the mail
-with open(template_file) as f:
- template = Template(f.read())
-
-fd, filename = tempfile.mkstemp(prefix="contact-maintainers", suffix=".txt")
-draft = os.fdopen(fd, "wb")
-draft.write(template.render(context).encode("utf-8"))
-draft.close()
-
-os.system(args.mailer.format(filename))
-os.unlink(filename)
=====================================
templates/lts-no-dsa.txt deleted
=====================================
@@ -1,38 +0,0 @@
-Content-Type: text/plain; charset=utf-8
-To: {{ to }}
-Cc: {{ cc }}
-Subject: About the security issues affecting {{ package }} in Bookworm
-
-Dear maintainer(s),
-
-The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Bookworm:
-{%- if cve -%}
-{% for entry in cve %}
-https://security-tracker.debian.org/tracker/{{ entry }}
-{%- endfor -%}
-{%- else %}
-https://security-tracker.debian.org/tracker/source-package/{{ package }}
-{%- endif %}
-
-We decided that we would not prepare a bookworm security update (usually
-because the security impact is low and that we concentrate our limited
-resources on higher severity issues and on the most widely used packages).
-That said the bookworm users would most certainly benefit from a fixed
-package.
-
-If you want to work on such an update, you're welcome to do so. Please
-try to follow the workflow we have defined here:
-https://wiki.debian.org/LTS/Development
-
-If that workflow is a burden to you, feel free to just prepare an
-updated source package and send it to debian-lts at lists.debian.org (via a
-debdiff, or with an URL pointing to the source package, or even with a
-pointer to your packaging repository), and the members of the LTS team
-will take care of the rest. However please make sure to submit a tested
-package.
-
-Thank you very much.
-
-{{ sender }},
- on behalf of the Debian LTS team.
=====================================
templates/lts-update-planned-minor.txt deleted
=====================================
@@ -1,40 +0,0 @@
-Content-Type: text/plain; charset=utf-8
-To: {{ to }}
-Cc: {{ cc }}
-Subject: Bookworm update of {{ package }} (minor security issues)?
-
-The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Bookworm:
-{%- if cve -%}
-{% for entry in cve %}
-https://security-tracker.debian.org/tracker/{{ entry }}
-{%- endfor -%}
-{%- else %}
-https://security-tracker.debian.org/tracker/source-package/{{ package }}
-{%- endif %}
-
-We decided that a member of the LTS team should take a look at this
-package, although the security impact of still open issues is low. When
-resources are available on our side, one of the LTS team members will
-start working on fixes for those minor security issues, as we think that
-the bookworm users would most certainly benefit from a fixed package.
-
-If you'd rather want to work on such an update yourself, you're welcome
-to do so. Please send us a short notification to the debian-lts mailing
-list (debian-lts at lists.debian.org), expressing your intention to work on
-issues yourself. Otherwise, no action is required from your side.
-
-When working on issues, please try to follow the workflow we have defined
-here: https://wiki.debian.org/LTS/Development
-
-If that workflow is a burden to you, feel free to just prepare an
-updated source package and send it to debian-lts at lists.debian.org (via a
-debdiff, or with an URL pointing to the source package, or even with a
-pointer to your packaging repository), and the members of the LTS team
-will take care of the rest. However please make sure to submit a tested
-package.
-
-Thank you very much.
-
-{{ sender }},
- on behalf of the Debian LTS team.
=====================================
templates/lts-update-planned.txt deleted
=====================================
@@ -1,46 +0,0 @@
-Content-Type: text/plain; charset=utf-8
-To: {{ to }}
-Cc: {{ cc }}
-Subject: Bookworm update of {{ package }}?
-
-Dear maintainer(s),
-
-The Debian LTS team would like to fix the security issues which are
-currently open in the Bookworm version of {{ package }}:
-{%- if cve -%}
-{% for entry in cve %}
-https://security-tracker.debian.org/tracker/{{ entry }}
-{%- endfor -%}
-{%- else %}
-https://security-tracker.debian.org/tracker/source-package/{{ package }}
-{%- endif %}
-
-Would you like to take care of this yourself?
-
-If yes, please follow the workflow we have defined here:
-https://wiki.debian.org/LTS/Development
-
-If that workflow is a burden to you, feel free to just prepare an
-updated source package and send it to debian-lts at lists.debian.org
-(via a debdiff, or with an URL pointing to the source package,
-or even with a pointer to your packaging repository), and the members
-of the LTS team will take care of the rest. Indicate clearly whether you
-have tested the updated package or not.
-
-If you don't want to take care of this update, it's not a problem, we
-will do our best with your package. Just let us know whether you would
-like to review and/or test the updated package before it gets released.
-
-You can also opt-out from receiving future similar emails in your
-answer and then the LTS Team will take care of {{ package }} updates
-for the LTS releases.
-
-Thank you very much.
-
-{{ sender }},
- on behalf of the Debian LTS team.
-
-PS: A member of the LTS team might start working on this update at
-any point in time. You can verify whether someone is registered
-on this update in this file:
-https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4396fe35515b59aff7c901b0604f4f5ca9f29761