On Wed, Mar 9, 2016 at 9:18 AM, Stephen Quintero wrote: > I am parsing the JSON security data which Debian graciously makes available > (https://security-tracker.debian.org/tracker/data/json) and have encountered > some inconsistent data where packages are marked as fixed or affected with > the same name+version+release but with different epochs. > > This generally appears to be the case of an epoch being omitted, and > therefore presumed 0, when it is not actually 0. While there are ~100 such > cases in the distros I am parsing (debian-6, 7 and 8), they reduce to the 17 > unique cases I have appended to this email.
Thanks, I have fixed these in the source data. > Thank you for keeping up this good work, and I hope this information will be > helpful. I think we should probably improve our processes such that this issue cannot happen. -- bye, pabs https://wiki.debian.org/PaulWise