Code review comment for ~rodrigo-zaiden/ubuntu-security-tools:fix-build-source-list

Hey Rodrigo,

On Wed, Apr 27, 2022 at 01:29:44PM -0000, Rodrigo Figueiredo Zaiden wrote:
> > we should not support the format 'release/esm-{infra/apps}', please follow the
> > new CVE file format which is:
> > PRODUCT/RELEASE
> >
> > so it should be:
> > esm/precise [1]
> > esm/trusty [1]
> > esm-infra/xenial
> > esm-apps/xenial
> > esm-apps/bionic
> > esm-apps/focal
> > esm-apps/jammy
> >
> > [1] Please note that precise and trusty we do have alias setup to accept
> > trusty/esm and precise/esm and this was a decision so we don't have to touch
> > all our CVEs and infrastructure as their ESM came before the new CVE file
> > format.
>
> I've made a new commit where I support the format release/esm{-infra/-apps}
> In the end, it is a cleaner code.
> If you could give a new look at it, I appreciate.

I think there's a bit of confusion about what Eduardo was trying to say.

For xenial and newer, only the formats `esm-{infra,apps}/RELEASE`
should be accepted. For trusty `esm/trusty` and `trusty/esm` both
need to work (in particular the latter format); in this case either
should generate the private ppa entry for trusty. With the revised
change it's only generating a trusty ppa line if `esm/trusty` is used.

That said, feel free to drop references to precise. It is gone and not
coming back.

Thanks!

--
Steve Beattie
<email address hidden>