Hi neil, On Fri, Dec 17, 2021 at 01:14:52PM +0000, Neil Williams wrote: > On Fri, 17 Dec 2021 13:40:04 +0100 Salvatore Bonaccorso <[email protected]> > wrote: > > Hi Neil, > > > > On Fri, Dec 17, 2021 at 01:22:32PM +0100, Salvatore Bonaccorso wrote: > > > Hi, > > > > > > > Online - query either the distro-tracker or debian-devel-changes mail > > > > archive: > > > > --email EMAIL URL of debian-devel-changes announcement in the > > > > list archive > > > > --tracker TRACKER URL of tracker.debian.org 'Accepted NEWS' page for > > > > unstable > > > > > > > > > > Nice! I will need (or want) to try to experiment with it a bit on > > > apparing real cases. > > > > Just doing a quick test, while beeing entusiastic about your proposed > > script: I think it will not work correctly yet wit bin/merge-cve-list. > > On either side it will need adaption. > > OK. I will add that to my tests on next versions of the script. > > > Taking the example with freerdp2, assuming there won't be the fixed > > version yet in the data/CVE/list it will produce the following > > freerdp2.list: > > > > CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop > > Protocol (RDP), ...) > > - freerdp2 2.4.1+dfsg1-1 (bug #1001062) > > [bullseye] - freerdp2 <no-dsa> (Minor issue) > > [buster] - freerdp2 <no-dsa> (Minor issue) > > - freerdp <removed> > > > $ ./bin/merge-cve-list data/CVE/list ./freerdp2.list > > [...] > > NotImplementedError: unsupported annotation of type NOTE (line 7) > > > > So maybe it's just merge-cve-list which should be better and allow for > > such situation and handle as well the NOTEs. > > I'll work on adding that support - it will be useful for the > changes for #1001453 which wants to explicitly add a NOTE entry.
Yes agreed, unter this aspect it makes more sense to fix and expand merge-cve-list script. > > This just what i noticed while wanting to try it out. > > > > Usually we read the debian-changes mails in a MUA, so I wonder if we > > can make the script accept as well not only things passed by --tracker > > or --email, but rather piped trough when reading the changes mail in > > e.g. mutt. What woud you think about it? > > I wondered if stdin type input would be required. I'll work on that > next week, probably Monday. Thank you! :) Salvatore
