Code review comment for ~rodrigo-zaiden/ubuntu-security-tools:fix-build-source-list

On Wed, Apr 27, 2022 at 06:25:04AM -0000, Eduardo Barretto wrote:
> we should not support the format 'release/esm-{infra/apps}', please follow the new CVE file format which is:
> PRODUCT/RELEASE
>
> so it should be:
> esm/precise [1]
> esm/trusty [1]
> esm-infra/xenial
> esm-apps/xenial
> esm-apps/bionic
> esm-apps/focal
> esm-apps/jammy

Cool, I missed when this was communicated. With the change that
Rodrigo is proposing, `esm/trusty` has to be the format used in
~/.ubuntu-security-tools.conf in order for a sources.list to be
generated that references the trusty ppa for ESM, having `trusty/esm`
results in it being skipped.

> [1] Please note that precise and trusty we do have alias setup to
> accept trusty/esm and precise/esm and this was a decision so we don't
> have to touch all our CVEs and infrastructure as their ESM came before
> the new CVE file format.

The esm/trusty alias does not work correctly for umt download:

$ umt search tzdata | grep trusty
trusty/esm: 2022a-0ubuntu0.14.04+esm1, Pocket: release, Component: main
trusty: 2019a-0ubuntu0.14.04, Pocket: updates, Component: main
$ umt download tzdata -r esm/trusty
Skipping release 'esm/trusty': package not found.
$ umt download tzdata -r trusty/esm
Downloading 'tzdata' version '2022a-0ubuntu0.14.04+esm1' for release 'trusty/esm'.

(This happens regardless of whether ~/.ubuntu-security-tools.conf
contains esm/trusty or trusty/esm in `release_list`.)

--
Steve Beattie
<email address hidden>