Hi, On Sun, Dec 10, 2017 at 01:35:43PM +0100, Salvatore Bonaccorso wrote: > Hi Guido, > > On Sun, Dec 10, 2017 at 12:59:05PM +0100, Guido Günther wrote: > > Hi, > > On Sun, Dec 10, 2017 at 12:51:38PM +0100, Salvatore Bonaccorso wrote: > > > Hi > > > > > > On Sun, Dec 10, 2017 at 10:00:55AM +0100, Salvatore Bonaccorso wrote: > > > > Hi > > > > > > > > Cc'ing explicitly Guido and Raphael, who commented before. > > > > > > > > On Sat, Dec 09, 2017 at 03:25:14PM +0100, Markus Koschany wrote: > > > > > Hi, > > > > > > > > > > I have updated my patch for reportbug. Now emails are sent only to one > > > > > of the team mailing lists based on the release number in the version > > > > > string. There is apparently no simple way to determine the > > > > > relationship > > > > > between release number, code name, suite and whether this is a LTS > > > > > release. So we came up with a simple json file which provides this > > > > > kind > > > > > of information and can be adjusted as time goes by. We think that > > > > > security-tracker.debian.org would be a good place for this file but > > > > > I'd > > > > > appreciate it if someone from the security team told us the exact > > > > > location. > > > > > > > > > > See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878088#45 > > > > > > > > So let me first understand the information you would need from that > > > > file (here in sort-of-yaml): > > > > > > > > ----cut---------cut---------cut---------cut---------cut---------cut----- > > > > wheezy: > > > > major-version: 7 > > > > support: lts > > > > jessie: > > > > major-version: 8 > > > > support: security > > > > stretch: > > > > major-version: 9 > > > > support: security > > > > buster: > > > > major-version: 10 > > > > support: none > > > > bullseye: > > > > major-version: 11 > > > > support: none > > > > ----cut---------cut---------cut---------cut---------cut---------cut----- > > > > > > But rather in JSON than YAML. Florian would not recommend using YAML, and > > > furthermore it's more consistent with the tracker itself. > > > > > > ----cut---------cut---------cut---------cut---------cut---------cut----- > > > { > > > "wheezy": { > > > "major-version": "7", > > > "support": "lts" > > > }, > > > "jessie": { > > > "major-version": "8", > > > "support": "security" > > > }, > > > "stretch": { > > > "major-version": "9", > > > "support": "security" > > > }, > > > "buster": { > > > "major-version": "10", > > > "support": "none" > > > }, > > > "bullseye": { > > > "major-version": "11", > > > "support": "none" > > > } > > > } > > > ----cut---------cut---------cut---------cut---------cut---------cut----- > > > > > > and beeing accessible under > > > https://security-tracker.debian.org/tracker/distributions.json > > > > That makes as lot of sense! (I used YAML in the example for readability, > > output of the tracker should be JSON). The main reason why I'd prefer > > the tracker is that we can update the file ourselves when switching > > releases. > > Yes I can understand why you prefer the security-tracker itself. My > convern was (and still in back on my head), we add more mappings. But > with eabove, we do not need to take care of stable->oldstable, etc ... > just add the who-is-supporting field. > > A version of the above is live on the security-tracker, but I have not > yet commited the changes. I would first like to know: are you happy > with the 'major-version' nomenclature, otherwise we could change it to > 'version'. 'support' should maybe 'support-by'?
Looks good to me. Cheers, -- Guido
