* Moritz Muehlenhoff: > On Thu, Feb 25, 2010 at 10:40:35PM +0100, Florian Weimer wrote: >> * Holger Levsen: >> >> > why does http://security-tracker.debian.org/tracker/CVE-2010-0286 lists >> > 4.2.8-1 in squeeze as affected? squeeze has a newer version and 4.2.8-1 is >> > not in Debian anywhere anymore... >> >> We somehow missed the removal of the alpha architecture from squeeze. >> Thanks for spotting this. I will try to rectify this tomorrow. > > Is there a specific reason the Security Tracker is dealing with binary > packages at all?
The reasons are mainly historic. We used to have binary package names in the list files. And there wasn't a reasonably up-to-date DD-accessible dak mirror at that time. Actually, I've been using the tracker as some sort of "dak ls" replacement. Nowadays, the mirror on merkel should be up-to-date, and I can look directly on security-master at the security archive, so the necessity is indeed gone. > All the information we care about is based on the source packages > AFAICS. Right, it should be feasible to remove the binary package files. I will look into this, too. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
