Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-18 Thread Ola Lundqvist 
Hi

One thing to consider when implementing a delay. You typically reserve the
DLA some time before making the update so the time you select will most
likely be wrong.
Based on this I tend to agree with Holger that any time you select will not
be suitable. :-)

But sure some delay may be ok.

// Ola

On Tue, 18 Aug 2020 at 00:08, Holger Levsen  wrote:

> hi Sylvain,
>
> On Mon, Aug 17, 2020 at 11:45:03PM +0200, Sylvain Beucler wrote:
> > > - DLA 2332-1 (reserved by Sylvain Beucler)
> > I just uploaded it, I am waiting for the ftp confirmation mail, I didn't
> > even send it by e-mail yet - don't harass me!! ;)
> >
> > More seriously, we could add a delay.
>
> I believe that wouldn't change anything. If the script would only
> complain about DLA reservations X hours old, of course $you would send
> the DLA right after my mail / after X hours + 2 minutes.
>
> p.s.: as an after thought re: "don't harass me" (though I get it was a
> joke, but I think the joke conveyed a useful notion): maybe my
> semiautomatic
> mails should have a permanent disclaimer that being 'called out' by them is
> nothing bad and doesn't deserve any explaination, just fixing? I've just
> took
> a note to do so next monday, please help me to word this disclaimer nicely.
>
> > Also, I remember we added the uploader name to make it easier for
> > everybody to notice what needs to be fixed, but for roughly the same
> > informational value it may be nicer to mention the package name instead.
>
> that seriously would be a good improvement! patches welcome! ;-D
>
> > What script is responsible for this?
>
> find-missing-advisories in debian-webwml.git, to be used like this:
>
> cd ~/Projects/security-tracker
> git pull
> cd ~/Projects/debian-www/webwml
> git pull
> ./english/security/find-missing-advisories --mode DLA --tracker
> ../../security-tracker/ 2>&1
>
> (while having these git repos cloned into those paths...)
>
>
> --
> cheers,
> Holger
>
>
> ---
>holger@(debian|reproducible-builds|layer-acht).org
>PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
>
> "There's no glory in prevention." (Christian Drosten)
>


-- 
 --- Inguza Technology AB --- MSc in Information Technology 
|  o...@inguza.como...@debian.org|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
 ---

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-18 Thread Sylvain Beucler 
Hi,

According to
https://wiki.debian.org/LTS/Development#Claim_a_DLA_ID_in_DLA.2Flist
one reserves the DLA number right /after/ the upload, with a dated entry
in data/DLA/list, so it's meant to be used quickly.

That being said, I modified the script to not only s/committer/package/,
but also print the DLA date.
(I scrapped a version where I filtered out the current date's DLAs,
because I'm not sure who else uses the script and what they expect).

Cheers!
Sylvain

On 18/08/2020 13:46, Ola Lundqvist wrote:
> Hi
>
> One thing to consider when implementing a delay. You typically reserve
> the DLA some time before making the update so the time you select will
> most likely be wrong.
> Based on this I tend to agree with Holger that any time you select
> will not be suitable. :-)
>
> But sure some delay may be ok.
>
> // Ola
>
> On Tue, 18 Aug 2020 at 00:08, Holger Levsen  > wrote:
>
> hi Sylvain,
>
> On Mon, Aug 17, 2020 at 11:45:03PM +0200, Sylvain Beucler wrote:
> > > - DLA 2332-1 (reserved by Sylvain Beucler)
> > I just uploaded it, I am waiting for the ftp confirmation mail,
> I didn't
> > even send it by e-mail yet - don't harass me!! ;)
> >
> > More seriously, we could add a delay.
>
> I believe that wouldn't change anything. If the script would only
> complain about DLA reservations X hours old, of course $you would send
> the DLA right after my mail / after X hours + 2 minutes.
>
> p.s.: as an after thought re: "don't harass me" (though I get it was a
> joke, but I think the joke conveyed a useful notion): maybe my
> semiautomatic
> mails should have a permanent disclaimer that being 'called out'
> by them is
> nothing bad and doesn't deserve any explaination, just fixing?
> I've just took
> a note to do so next monday, please help me to word this
> disclaimer nicely.
>
> > Also, I remember we added the uploader name to make it easier for
> > everybody to notice what needs to be fixed, but for roughly the same
> > informational value it may be nicer to mention the package name
> instead.
>
> that seriously would be a good improvement! patches welcome! ;-D
>
> > What script is responsible for this?
>
> find-missing-advisories in debian-webwml.git, to be used like this:
>
> cd ~/Projects/security-tracker
> git pull
> cd ~/Projects/debian-www/webwml
> git pull
> ./english/security/find-missing-advisories --mode DLA --tracker
> ../../security-tracker/ 2>&1
>
> (while having these git repos cloned into those paths...)
>

Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)

2020-08-18 Thread Sylvain Beucler 
Hi

On 18/08/2020 00:08, Holger Levsen wrote:
> I believe that wouldn't change anything. If the script would only
> complain about DLA reservations X hours old, of course $you would send
> the DLA right after my mail / after X hours + 2 minutes.

I was thinking of 24h, in which case it's perfectly justified to be
notified.
Anyway I settled for printing the DLA date.

Spurious notifications waste time, we better fix them.
(I also dislike when debwatch mails me about a new upstream release
while I'm upstream and I already uploaded a Debian package ;))

> p.s.: as an after thought re: "don't harass me" (though I get it was a
> joke, but I think the joke conveyed a useful notion): maybe my semiautomatic
> mails should have a permanent disclaimer that being 'called out' by them is
> nothing bad and doesn't deserve any explaination, just fixing? I've just took 
> a note to do so next monday, please help me to word this disclaimer nicely.

Whether the e-mail is from a human or from a machine, whether it has a
disclaimer or not, it's never pleasing to be called out.
We better do it only when there's a valid reason.
Which I think is the case for the prior parts of the weekly e-mail.

Cheers!
Sylvain