Hi, On Sun, Oct 20, 2024 at 10:00:56PM +0200, Ola Lundqvist wrote: > Hi Salvatore > > Thank you. I guess we should then have a warning printed since an empty > version is something unusual.
While it is unusual, the changes to the script should not break current usages. Remember that for the regular security support there is as well times were we dual support two suites, but in some cases you will want to issue a DSA only for oldstable, or only for stable, and then you would pass an empty version to the question for th respective suite, and the data/DSA/list entry will be generated correctly (and the template generated cleaned up manually later when writing the DSA, anyway one needs to work carefully when doing DSA releases, as this is on "critical path" to our users fetching security updates, while doing errors is human, so we do, but hopefully seldom enough to not scary our users). So the current behaviour of the script is more or less already fine and cover those cases mentioned above well enough IMHO. What still can be done is to have a check which make some sanity checks on CVE and source package association and *warn* if something is suspicious. Regards, Salvatore
