* [pve-devel] [PATCH pve-manager 0/1] Only check deb sources.list entries
@ 2021-07-09  7:24 Rhonda D'Vine
  2021-07-09  7:24 ` [pve-devel] [PATCH pve-manager 1/1] " Rhonda D'Vine
  0 siblings, 1 reply; 6+ messages in thread
From: Rhonda D'Vine @ 2021-07-09  7:24 UTC (permalink / raw)
  To: pve-devel

The check isn't specific enough, it also catches deb-src entries and
would give a false impression of security in certain circumstances, or
lead to false negatives in case you have a deb-src entry for
buster/updates even though you have bullseye-security in just the next
line -- something that isn't that uncommon for developers.

Rhonda D'Vine (1):
  Only check deb sources.list entries

 PVE/CLI/pve6to7.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.30.2





* [pve-devel] [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  7:24 [pve-devel] [PATCH pve-manager 0/1] Only check deb sources.list entries Rhonda D'Vine
@ 2021-07-09  7:24 ` Rhonda D'Vine
  2021-07-09  8:33   ` Fabian Ebner
  2021-07-13  4:34   ` [pve-devel] applied: " Thomas Lamprecht
  0 siblings, 2 replies; 6+ messages in thread
From: Rhonda D'Vine @ 2021-07-09  7:24 UTC (permalink / raw)
  To: pve-devel

The check isn't specific enough, it also catches deb-src entries and
would give a false impression of security in certain circumstances, or
lead to false negatives in case you have a deb-src entry for
buster/updates even though you have bullseye-security in just the next
line -- something that isn't that uncommon for developers.

Signed-off-by: Rhonda D'Vine <rhonda@deb.at>
---
 PVE/CLI/pve6to7.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/CLI/pve6to7.pm b/PVE/CLI/pve6to7.pm
index fb928a9c..30adcb19 100644
--- a/PVE/CLI/pve6to7.pm
+++ b/PVE/CLI/pve6to7.pm
@@ -1010,7 +1010,7 @@ sub check_security_repo {
 
 	    ($line) = split(/#/, $line);
 
-	    next if $line !~ m/^deb/; # is case sensitive
+	    next if $line !~ m/^deb[[:space:]]/; # is case sensitive
 
 	    my $suite;
 
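Review bot: the pattern on the `+` line is still anchored at column 0 (`^deb`), so an entry written with leading whitespace is skipped by `next` and never reaches the suite check, exactly as a `deb-src` line now is. If indented entries are meant to be evaluated, `m/^\s*deb\s/` would cover them; `\s` is also the more usual Perl spelling of `[[:space:]]`.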
-- 
2.30.2





* Re: [pve-devel] [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  7:24 ` [pve-devel] [PATCH pve-manager 1/1] " Rhonda D'Vine
@ 2021-07-09  8:33   ` Fabian Ebner
  2021-07-09  8:49     ` Rhonda D'Vine
  2021-07-13  4:53     ` Thomas Lamprecht
  2021-07-13  4:34   ` [pve-devel] applied: " Thomas Lamprecht
  1 sibling, 2 replies; 6+ messages in thread
From: Fabian Ebner @ 2021-07-09  8:33 UTC (permalink / raw)
  To: pve-devel, rhonda

On 09.07.21 at 09:24, Rhonda D'Vine wrote:
> The check isn't specific enough, it also catches deb-src entries and
> would give a false impression of security in certain circumstances, or
> lead to false negatives in case you have a deb-src entry for
> buster/updates even though you have bullseye-security in just the next
> line -- something that isn't that uncommon for developers.
> 
> Signed-off-by: Rhonda D'Vine <rhonda@deb.at>
> ---
>   PVE/CLI/pve6to7.pm | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/PVE/CLI/pve6to7.pm b/PVE/CLI/pve6to7.pm
> index fb928a9c..30adcb19 100644
> --- a/PVE/CLI/pve6to7.pm
> +++ b/PVE/CLI/pve6to7.pm
> @@ -1010,7 +1010,7 @@ sub check_security_repo {
>   
>   	    ($line) = split(/#/, $line);
>   
> -	    next if $line !~ m/^deb/; # is case sensitive
> +	    next if $line !~ m/^deb[[:space:]]/; # is case sensitive
>   
>   	    my $suite;
>   
> 
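Review bot: the trailing comment on the changed line still reads only `# is case sensitive` and does not say why whitespace is now required after `deb`. Extending it to state that `deb-src` entries are skipped on purpose would keep the intent visible in `check_security_repo`, and a test input with a `deb-src` line for buster/updates followed by a `deb` line for bullseye-security, the case named in the commit message, would guard against a regression.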

Of course, thank you for the fix!

FWIW, Reviewed-by: Fabian Ebner <f.ebner@proxmox.com>

I also noticed that the check is not yet in the stable-6 branch.





* Re: [pve-devel] [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  8:33   ` Fabian Ebner
@ 2021-07-09  8:49     ` Rhonda D'Vine
  2021-07-13  4:53     ` Thomas Lamprecht
  1 sibling, 0 replies; 6+ messages in thread
From: Rhonda D'Vine @ 2021-07-09  8:49 UTC (permalink / raw)
  To: Fabian Ebner; +Cc: pve-devel

   Hi,

* Fabian Ebner <f.ebner@proxmox.com> [2021-07-09 10:33:08 CEST]:
> On 09.07.21 at 09:24, Rhonda D'Vine wrote:
> > --- a/PVE/CLI/pve6to7.pm
> > +++ b/PVE/CLI/pve6to7.pm
> > @@ -1010,7 +1010,7 @@ sub check_security_repo {
> >   	    ($line) = split(/#/, $line);
> > -	    next if $line !~ m/^deb/; # is case sensitive
> > +	    next if $line !~ m/^deb[[:space:]]/; # is case sensitive
> >   	    my $suite;
> 
> Of course, thank you for the fix!
> 
> FWIW, Reviewed-by: Fabian Ebner <f.ebner@proxmox.com>
> 
> I also noticed that the check is not yet in the stable-6 branch.

 Right, I didn't check which branches this should be applied to, but I
assume that the commit should apply without any troubles there too (and
obviously would make more sense in that branch).

 Cheers,
Rhonda
-- 
If you feel discouraged, finally take courage, go |
If you feel helpless, go out and help, go         | Wir sind Helden
If you feel powerless, go out and act, go         | 23.55: Alles auf Anfang
If you feel unmoored, find a hold and let go      |




* [pve-devel] applied: [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  7:24 ` [pve-devel] [PATCH pve-manager 1/1] " Rhonda D'Vine
  2021-07-09  8:33   ` Fabian Ebner
@ 2021-07-13  4:34   ` Thomas Lamprecht
  1 sibling, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2021-07-13  4:34 UTC (permalink / raw)
  To: Proxmox VE development discussion, Rhonda D'Vine

On 09.07.21 09:24, Rhonda D'Vine wrote:
> The check isn't specific enough, it also catches deb-src entries and
> would give a false impression of security in certain circumstances, or
> lead to false negatives in case you have a deb-src entry for
> buster/updates even though you have bullseye-security in just the next
> line -- something that isn't that uncommon for developers.
> 
> Signed-off-by: Rhonda D'Vine <rhonda@deb.at>
> ---
>  PVE/CLI/pve6to7.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
>

applied, with Fabi's R-b tag, thanks!





* Re: [pve-devel] [PATCH pve-manager 1/1] Only check deb sources.list entries
  2021-07-09  8:33   ` Fabian Ebner
  2021-07-09  8:49     ` Rhonda D'Vine
@ 2021-07-13  4:53     ` Thomas Lamprecht
  1 sibling, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2021-07-13  4:53 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Ebner

On 09.07.21 10:33, Fabian Ebner wrote:
> I also noticed that the check is not yet in the stable-6 branch.
> 

It is in 6.4-13, stable-6 branch was not pushed out though - fixed now.
