On Feb/28, Salvatore Bonaccorso wrote: > > Since I made mistakes in setting the package version in DLA texts > > (and I'm not alone ;-)) I came up with the attached patch which > > makes gen-DLA and guess the proper one. > > > > If both teams like it I'll push it to the repo. > > I can only speak for myself: I would rather not see that > patch/automatism applied for mainly two reasons: First, we prepare > DSA's in advance, the usual procedure and only once the package would > be dak install'ed in to the archive it appears in the Sources.gz. > > The second reason is: at least for the suites which the security team > takes care, there are as well updates via point releases and appearing > in the main repository. > > Now that I'm writing, I can think of some corner cases (where e.g. > there is a major version bump, and we cannot just do previous version > + 1). > > For those two reasons I would rather just say to have a note in the > DLA preparation notes to mention the epochs. > > I may speak for myself alone, but given for us there are embargoed > queues on security-master, I would rather have to specify a version > explicitly when I parepare a DSA.
I agree: this is more of a documentation problem (I always double-check the version manually in the *changes files, prior to writing the DSA), and not something that's easily fixed in gen-DSA itself. However, if you acknowledge the limitations brought forward by Salvatore, but still think a "version guess" can help, we're of course not opposed to your implementing this behavior via an *optional* command-line switch (that'd ideally document all those shortcomings). I'd for one tend to stay well away from it, but it'd come down to a personal choice from the person writing the advisory :) Cheers, --Seb
