Hi, On Thu, 25 Sep 2014, Holger Levsen wrote: > On Donnerstag, 25. September 2014, Raphaël Hertzog wrote: > > It would be nice if the security tracker could provide by release a list > > of packages with open vulnerabilities (i.e. neither unimportant nor tagged > > as no-dsa) that are not yet listed in dsa-needed.txt/dla-needed.txt > > depending on the case. > > thanks for this description, sounds implementable ;-)
The annoying part is that the mapping of "release => file to use" changes over time. There's a one year period where oldstable is the realm of the security team and only afterwards it gets into dla-needed.txt. I wish we could use a unified process. After all dsa-needed.txt already accepts "package/stable" and "package/oldstable" for the period where the security team takes care of both. Maybe we could just always use that scheme... Cheers, -- Raphaël Hertzog ◈ Debian Developer Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140926153809.gb15...@x230-buxy.home.ouaza.com