On 02/19/2015 05:31 PM, Paul Wise wrote: > On Fri, Feb 20, 2015 at 12:40 AM, John Goerzen wrote: > >> Right now, the security tracker has, apparently, three status for each >> version of Debian: >> >> not vulnerable >> vulnerable >> fixed >> >> What if we add a fourth: >> >> not worth fixing >> >> This could more clearly communicate what is being said by the "no DSA" >> comments, as well as allow debsecan to be improved with this sort of >> information. What do you think? > "no DSA" means "will probably not be fixed via security.debian.org" or > "will only be fixed via a point release by the maintainer or anyone > who cares", not "not worth fixing". > Quite. But that is a freeform text field. I'm just suggesting we move/add it to the database so it is useable by automatic tools like debsecan and visible to people that are using the tracker. Does that sound doable? I would be willing to pitch in and help convert "no dsa" comments to use the new db field option too.
John -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
