Ubuntu CVE Tracker

Merge ~rodrigo-zaiden/ubuntu-cve-tracker:generate_usn_grepping into ubuntu-cve-tracker:master

  1. Git
  2. lp:~rodrigo-zaiden/ubuntu-cve-tracker
  3. generate_usn_grepping
  4. Merge into master
Proposed by Rodrigo Figueiredo Zaiden
Status: Rejected
Rejected by: Rodrigo Figueiredo Zaiden
Proposed branch: ~rodrigo-zaiden/ubuntu-cve-tracker:generate_usn_grepping
Merge into: ubuntu-cve-tracker:master
Diff against target: 13 lines (+1/-1)
1 file modified
scripts/sis-generate-usn (+1/-1)
Reviewer Review Type Date Requested Status
Alex Murray Disapprove
Ubuntu Security Team Pending
Review via email: mp+438390@code.launchpad.net

Description of the change

while running the USN bash scripts, the grep that is supposed to find FIXMEs and placeholders is pointing to comment lines, like below example:

 bash new-usn.sh
 new-usn.sh:36:# title: used for Email Subject, Web title. XXX-EXPAND-TO-UPSTREAM-NAME-XXX
 new-usn.sh:57:# releases the same. XXX-CHECK-XXX
 new-usn.sh still contains placeholders / FIXMEs - ensure you fix these all then rerun the script

with this commit, I'm adding a regex to remove lines starting with "#" that should remove the check for comment lines.

To post a comment you must log in.
Revision history for this message
Alex Murray (alexmurray) wrote :

My preference is to be more strict and check any instance of XXX since these comments still contain actionable items that should be addressed.

Revision history for this message
Alex Murray (alexmurray) wrote :

I would be interested to hear what other members of the team think though - so have just assigned ubuntu-security to review this as well.

Revision history for this message
Spyros Seimenis (sespiros) wrote :

I agree with Alex, I thought the purpose of adding that regex check was to force someone to look at the XXX in the commented lines (in addition to making sure that no placeholder XXX text has been forgotten in a description). Instead of ignoring those specific 3 cases why not:
- XXX-EXPAND-TO-UPSTREAM-NAME-XXX, automate that step instead of requiring a manual check
- XXX-CHECK-XXX not sure if that can be automated

or simply use 2 different identifiers, for example XXX for placeholder texts and TODO/MANUALCHECK/whatever, for those commented lines that simply require manual intervention.

Revision history for this message
Amir Naseredini (sahnaseredini) wrote :

I actually found it a bit too harsh to look for the placeholders inside the comments too, but that's a fair point from Alex as well.

Revision history for this message
David Fernandez Gonzalez (litios) wrote :

At first, I thought as Rodrigo but after reading the comments, I think this should stay as it is.

They are a good reminder of the different tasks we should do before publishing. We are already editing the USN so removing the placeholder won't take any time and is a way to "mark" that we indeed did them.

That said, I would even propose adding one more right before the binaries so it's a reminder of reducing them.

Revision history for this message
Amir Naseredini (sahnaseredini) wrote :

+1 to a reminder for reducing to minimum binaries :)

Revision history for this message
Alex Murray (alexmurray) wrote :

Proposed https://code.launchpad.net/~alexmurray/ubuntu-cve-tracker/+git/ubuntu-cve-tracker-1/+merge/438499 to add a XXX for reducing the binaries.

Revision history for this message
Alex Murray (alexmurray) wrote :

Formally disapproving this change from my side.

review: Disapprove
Revision history for this message
Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote :

Thank you all for the inputs.
It does make sense, and I'm also +1 on including the part of reducing binaries.

I reviewed the kernel USNs and the XXX is also useful there, where we have the reminders to remove meta and signed kernels sources.

for now, I'll be formally rejecting the merge request.

Thanks!

Unmerged commits

c6953d8... by Rodrigo Figueiredo Zaiden

sis-generate-usn: add regex to remove comment lines in grep

 when grepping for placeholders, we shouldn't look the lines
 that are comments, that is, starting with '#'

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/scripts/sis-generate-usn b/scripts/sis-generate-usn
2index 8fa14c2..7a6b4cc 100755
3--- a/scripts/sis-generate-usn
4+++ b/scripts/sis-generate-usn
5@@ -570,7 +570,7 @@ print('#!/bin/bash')
6 print('set -e')
7 print()
8 print('# check for unfixed placeholders - DO NOT REMOVE THE FOLLOWING LINE')
9-print('grep -Hn "X""X""X" "${0}" && echo "${0} still contains placeholders / FIXMEs - ensure you fix these all then rerun the script" && exit 1')
10+print('grep -EHn "^[^#]*"X""X""X"" "${0}" && echo "${0} still contains placeholders / FIXMEs - ensure you fix these all then rerun the script" && exit 1')
11 print()
12 print('export PATH=$PATH:%s' % (config['usn_tool']))
13 print('export USN=%s'%(usn))

Subscribers

People subscribed via source and target branches