Antoine Beaupré writes:
> bam: do you want me to start working on that script or were you working
> on this already?
See
https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/8
I personally find this easier to understand as we use the existing CVE
list parser, although
On 2018-06-15 10:27:45, Moritz Muehlenhoff wrote:
> On Fri, Jun 15, 2018 at 04:34:14PM +1000, Brian May wrote:
>> Moritz Muehlenhoff writes:
>>
>> > On Wed, Jun 13, 2018 at 05:19:40PM +1000, Brian May wrote:
[...]
>> That generates a report of all packages that we need to check. I assume
>> we
Brian May writes:
> I will look at making a pull request tomorrow. The changes should be
> reasonably straightforward syntax changes (e.g. use "!=" instead of
> "<>" for the does not equal operator), work with Python3 in stretch, and
> not require any additional dependencies (I think it only
Salvatore Bonaccorso writes:
>> Feel free to make a pull request, I don't think we have a specific
>> dependency
>> on Python 2 modules anywhere. But it might take a bit to get
>> reviewed/deployed
>> as it's not a high priority issue.
>
> To be kept in mind: whatever change is proposed for
Hi,
On Fri, Jun 15, 2018 at 10:23:15AM +0200, Moritz Muehlenhoff wrote:
> On Fri, Jun 15, 2018 at 05:21:55PM +1000, Brian May wrote:
> > Brian May writes:
> >
> > > So we could write a script, let's say:
> > > bin/list-potential-packages-affected-by-code-copies
> >
> > In investigating the
On Fri, Jun 15, 2018 at 04:34:14PM +1000, Brian May wrote:
> Moritz Muehlenhoff writes:
>
> > On Wed, Jun 13, 2018 at 05:19:40PM +1000, Brian May wrote:
> >> "as I said in the mailing list discussion, I don't like the usage of the
> >> undetermined tag... we use it to hide stuff we can't
On Fri, Jun 15, 2018 at 05:21:55PM +1000, Brian May wrote:
> Brian May writes:
>
> > So we could write a script, let's say:
> > bin/list-potential-packages-affected-by-code-copies
>
> In investigating the possibility of this, I noticed the scripts in
> lib/python/sectracker use legacy python
Brian May writes:
> So we could write a script, let's say:
> bin/list-potential-packages-affected-by-code-copies
In investigating the possibility of this, I noticed the scripts in
lib/python/sectracker use legacy python coding standards.
I have updated these files on my local box to work with
Moritz Muehlenhoff writes:
> On Wed, Jun 13, 2018 at 05:19:40PM +1000, Brian May wrote:
>> "as I said in the mailing list discussion, I don't like the usage of the
>> undetermined tag... we use it to hide stuff we can't investigate under
>> the carpet, I would much prefer that we put it as
On Wed, Jun 13, 2018 at 05:19:40PM +1000, Brian May wrote:
> "as I said in the mailing list discussion, I don't like the usage of the
> undetermined tag... we use it to hide stuff we can't investigate under
> the carpet, I would much prefer that we put it as directly
> when it's the case, or
Antoine Beaupré writes:
> https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/4
>
> Comments are welcome there or here.
Current comments on merge request, copied and pasted here, as I think
relevant for the discussion here:
Moritz Muehlenhoff @jmm commented 4 days
Brian May writes:
> In any case, possibly better to leave feedback on the pull request:
s/pull request/issue/
Sorry for any confusion.
--
Brian May
Moritz Muehlenhoff writes:
> On Tue, Jun 12, 2018 at 05:40:34PM +1000, Brian May wrote:
>> 1. Tagging with / instead of .
>
> Nothing of those can be automated. The basic point of is that
> we lack data to make a proper assessment.
>
> The correct way to handle these is to triage
>
On Tue, Jun 12, 2018 at 05:40:34PM +1000, Brian May wrote:
> 1. Tagging with / instead of .
Nothing of those can be automated. The basic point of is that
we lack data to make a proper assessment.
The correct way to handle these is to triage
Antoine Beaupré writes:
> I've finalized a prototype during my research on this problem, which I
> have detailed on GitLab, as it's really code that should be merged. It
> would also benefit from wider attention considering it affects more than
> LTS now. Anyways, the MR is here:
>
>
I've finalized a prototype during my research on this problem, which I
have detailed on GitLab, as it's really code that should be merged. It
would also benefit from wider attention considering it affects more than
LTS now. Anyways, the MR is here:
On 2018-06-08 03:29:38, Brian May wrote:
> Antoine Beaupré writes:
>
>> Right now, it seems that all scripts that hammer at those files do so
>> with their own ad-hoc parsing code. Is that the recommended way of
>> chopping those files up? Or is there a better parsing library out there?
>
> It
Antoine Beaupré writes:
> Right now, it seems that all scripts that hammer at those files do so
> with their own ad-hoc parsing code. Is that the recommended way of
> chopping those files up? Or is there a better parsing library out there?
It sounds like we really could do with a good parsing
Sorry for resurrecting this old thread, but I've been looking at how to
deal with renamed packages in CVE triaging again. When we last talked
about this, we observed how we were sometimes missing packages during
triage, e.g. `tiff3` that was present in wheezy. That's not an issue
anymore since