Add a new helper script to contact package maintainers

For now I have only provided sample templates for the LTS team, but
everything is ready if the security team wants to use it too.

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@32318 e39458fd-73e7-0310-bf30-c45bca0a0e42

2 files changed, 86 insertions, 0 deletions

diff --git a/templates/lts-no-dsa.txt b/templates/lts-no-dsa.txt
new file mode 100644
index 0000000000..4ca8ebfd9e
--- /dev/null
+++ b/templates/lts-no-dsa.txt
@@ -0,0 +1,41 @@
+To: {{ to }}
+Cc: {{ cc }}
+Subject: About the security issues affecting {{ package }} in Squeeze
+
+# XXX: Decide whether you want to put some of those persons in copy and
+# then drop this comment
+# Uploaders: {{ uploaders}}
+
+Hello dear maintainer(s),
+
+the Debian LTS team recently reviewed the security issue(s) affecting your
+package in Squeeze:
+{%- if cve -%}
+{% for entry in cve %}
+https://security-tracker.debian.org/tracker/{{ entry }}
+{%- endfor -%}
+{%- else %}
+https://security-tracker.debian.org/tracker/source-package/{{ package }}
+{%- endif %}
+
+We decided that we would not prepare a squeeze security update (usually
+because the security impact is low and that we concentrate our limited
+resources on higher severity issues and on the most widely used packages).
+That said the squeeze users would most certainly benefit from a fixed
+package.
+
+If you want to work on such an update, you're welcome to do so. Please
+try to follow the workflow we have defined here:
+http://wiki.debian.org/LTS/Development
+
+If that workflow is a burden to you, feel free to just prepare an
+updated source package and send it to debian-lts@lists.debian.org
+(via a debdiff, or with an URL pointing to the the source package,
+or even with a pointer to your packaging repository), and the members
+of the LTS team will take care of the rest. However please make sure to
+submit a tested package.
+
+Thank you very much.
+
+{{ sender }},
+  on behalf of the Debian LTS team.
diff --git a/templates/lts-update-planned.txt b/templates/lts-update-planned.txt
new file mode 100644
index 0000000000..fb9ddce7c5
--- /dev/null
+++ b/templates/lts-update-planned.txt
@@ -0,0 +1,45 @@
+To: {{ to }}
+Cc: {{ cc }}
+Subject: squeeze update of {{ package }}?
+
+# XXX: Decide whether you want to put some of those persons in copy and
+# then drop this comment
+# Uploaders: {{ uploaders}}
+
+Hello dear maintainer(s),
+
+the Debian LTS team would like to fix the security issues which are
+currently open in the Squeeze version of your package:
+{%- if cve -%}
+{% for entry in cve %}
+https://security-tracker.debian.org/tracker/{{ entry }}
+{%- endfor -%}
+{%- else %}
+https://security-tracker.debian.org/tracker/source-package/{{ package }}
+{%- endif %}
+
+Would you like to take care of this yourself?
+
+If yes, please follow the workflow we have defined here:
+http://wiki.debian.org/LTS/Development
+
+If that workflow is a burden to you, feel free to just prepare an
+updated source package and send it to debian-lts@lists.debian.org
+(via a debdiff, or with an URL pointing to the the source package,
+or even with a pointer to your packaging repository), and the members
+of the LTS team will take care of the rest. Indicate clearly whether you
+have tested the updated package or not.
+
+If you don't want to take care of this update, it's not a problem, we
+will do our best with your package. Just let us know whether you would
+like to review and/or test the updated package before it gets released.
+
+Thank you very much.
+
+{{ sender }},
+  on behalf of the Debian LTS team.
+
+PS: A member of the LTS team might start working on this update at
+any point in time. You can verify whether someone is registered
+on this update in this file:
+https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup