Package: apt-listbugs
Version: 0.1.35
Severity: important
Hi,
apt-listbugs doesn't seem to care about release-related tags in the BTS,
e.g. shows RC bugs on stable which are tagged sid and (currently)
bookworm in the BTS and hence don't apply to the same (or similar)
version in stable. This causes false positives and unnecessarily blocks
backported security updates of rolling-release packages like
firefox-esr, chromium, etc. as well as updates of packages in
<release>-backports.
One such recent example is #1021810 in firefox-esr which is about
dropping 32-bit architectures in the future. (Granted, the result of
that specific discussion-style bug-report will probably also apply to
stable at some point, but that's not the point here. :-)
So from my point of view, apt-listbugs should do the following:
* Check on which release it is running.
* Only take RC bugs into account, which are either not tagged for any
release at all (and where hence only the affected versions are
relevant) or which are (also) tagged for the current release.
To do that it seems only marginally necessary how other releases a named
as it only needs to know the release name of the release its running
on. For that it should suffice to know a list of all tags which are
_not_ release names.
Then again, if new not-release-name tags are added to the BTS in the
future, having a positive list of all known release names (which are
usually known two releases in advance) might be helpful nevertheless.
(Bug report written on unstable, but applies to both,
unstable/testing/bookworm and at least stable/bullseye. Can also dig out
the details from the host where it actually happened with #1021810
blocking firefox-esr updates on stable/bullseye if necessary. But since
this is a missing feature to fix regular false positives, this applies
to unstable as well.)
Regards, Axel
