On Mon, Jun 27, 2022 at 10:29:20PM +0200, Helmut Grohne wrote:
> I am having difficulties understanding the process then. I was assuming
> that packages added to dla-needed.txt would need an update. If my
> understanding of the process is correct, an unimportant issue should be
> marked in data/CVE/list and not being added to dla-needed.txt in the
> first place.

It was my same understanding at first. In practice, most packages I
picked up from dla-needed.txt I ended up handling by having a closer
look, some online exchanges, and tagging in data/CVE/list.

My updated understanding is that the triaging that makes packages end up
in *-needed.txt cannot be as in depth as that which can be done
downstream of it.

I still feel new on this job, so I'm using this as an opportunity to get
peer review on my updated understanding :)

Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enr...@enricozini.org>