Let me describe my suggestion in more detail:

- Instead of having the "is this a security version" check implemented directly in bin/reportbug as a version number check, there could be a new function "is_security_update(package, version)" in reportbug/utils.py. You can move the version number check there to quickly decide if this is definitely not a security version.
- The point of the apt-cache idea was to try harder to avoid asking the user unnecessary questions. So this could be included in the new function. Your question will still be asked, but only if the evidence that the package actually is a security update is stronger.

To avoid the sys.exit completely, you could just move the seven lines starting with data = r.json() inside the try: clause?

Please be optimistic: the feedback loop is short now, so we might arrive at something acceptable to Sandro soon, and then you'll have your notifications.