Bug#762781: security-tracker: Provide list of candidates for dsa-needed.txt/dla-needed.txt
On Sat, Sep 27, 2014 at 12:40:03PM +0200, Holger Levsen wrote:
> Hi,
>
> On Friday, 26 September 2014, Raphael Hertzog wrote:
> > The annoying part is that the mapping of release = file to use changes
> > over time. There's a one year period where oldstable is the realm of the
> > security team and only afterwards it gets into dla-needed.txt.

But that happens only every two years and for every release we need to make some minor tweaks anyway. Let's use the current process for some time and re-evaluate later.

Cheers,
        Moritz
Bug#762781: security-tracker: Provide list of candidates for dsa-needed.txt/dla-needed.txt
Hi,

On Friday, 26 September 2014, Raphael Hertzog wrote:
> The annoying part is that the mapping of release = file to use changes
> over time. There's a one year period where oldstable is the realm of the
> security team and only afterwards it gets into dla-needed.txt.
>
> I wish we could use a unified process. After all dsa-needed.txt already
> accepts package/stable and package/oldstable for the period where
> the security team takes care of both. Maybe we could just always use that
> scheme...

in the last month or so I came to realise that the Debian security team doesn't support LTS as a team, only by individual members is not really true / accurate. Or to phrase it differently and more positively: I thankfully still see many edits to data/CVE/list which refer to squeeze too! That's awesome!

So I think LTS has put a little bit more work on the security team's shoulders. And we should acknowledge / not forget that. (Which I think we do best by working with them, roughly like we have done so far :)

cheers,
        Holger
Bug#762781: security-tracker: Provide list of candidates for dsa-needed.txt/dla-needed.txt
Hi,

On Thu, 25 Sep 2014, Holger Levsen wrote:
> On Thursday, 25 September 2014, Raphaël Hertzog wrote:
> > It would be nice if the security tracker could provide by release a list of
> > packages with open vulnerabilities (i.e. neither unimportant nor tagged as
> > no-dsa) that are not yet listed in dsa-needed.txt/dla-needed.txt depending
> > on the case.
>
> thanks for this description, sounds implementable ;-)

The annoying part is that the mapping of release = file to use changes over time. There's a one year period where oldstable is the realm of the security team and only afterwards it gets into dla-needed.txt.

I wish we could use a unified process. After all dsa-needed.txt already accepts package/stable and package/oldstable for the period where the security team takes care of both. Maybe we could just always use that scheme...

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer
Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/
Bug#762781: security-tracker: Provide list of candidates for dsa-needed.txt/dla-needed.txt
Package: security-tracker
Severity: wishlist

It would be nice if the security tracker could provide by release a list of packages with open vulnerabilities (i.e. neither unimportant nor tagged as no-dsa) that are not yet listed in dsa-needed.txt/dla-needed.txt depending on the case.

It would help triage issues where no formal decision has been taken yet on whether a DSA/DLA is warranted.

-- System Information:
Debian Release: jessie/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#762781: security-tracker: Provide list of candidates for dsa-needed.txt/dla-needed.txt
Hi Raphaël,

On Thursday, 25 September 2014, Raphaël Hertzog wrote:
> It would be nice if the security tracker could provide by release a list of
> packages with open vulnerabilities (i.e. neither unimportant nor tagged as
> no-dsa) that are not yet listed in dsa-needed.txt/dla-needed.txt depending
> on the case.

thanks for this description, sounds implementable ;-)

cheers,
        Holger
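The filter requested in the bug report, sketched as an added example (this is not security-tracker code and not from anyone in the thread). It assumes a simplified layout modelled on data/CVE/list and dsa-needed.txt, counts only `<unfixed>` as open (no version comparison against the archive), and takes the release-to-suite mapping from the caller because, as the thread notes, that mapping changes over time. All sample data, function names and CVE ids are constructed placeholders.

```python
import re

# One annotation line: "\t[release] - package state (note)"; release and note optional.
ENTRY = re.compile(r"^\t(?:\[(?P<rel>[\w-]+)\] )?- (?P<pkg>\S+) (?P<state>\S+)"
                   r"(?: \((?P<note>[^)]*)\))?")

def open_packages(cve_text, release):
    """Map package -> set of CVE ids still open in `release` (simplified model)."""
    status, cve = {}, None  # (cve, pkg) -> {release or None: (state, note)}
    for line in cve_text.splitlines():
        if line.startswith("CVE-"):
            cve = line.split()[0]
        elif cve and (m := ENTRY.match(line)) and m["rel"] in (None, release):
            status.setdefault((cve, m["pkg"]), {})[m["rel"]] = (m["state"], m["note"])
    result = {}
    for (cve_id, pkg), by_rel in status.items():
        state, note = by_rel.get(release, by_rel.get(None))  # release entry wins
        if state == "<unfixed>" and note != "unimportant":
            result.setdefault(pkg, set()).add(cve_id)
    return result

def needed_packages(needed_text, suite):
    """Packages already listed for `suite`, from 'pkg' or 'pkg/suite' lines."""
    listed = set()
    for line in needed_text.splitlines():
        # Skip blank lines, indented notes and "--" entry separators.
        if line and not line[0].isspace() and not line.startswith("--"):
            name, _, entry_suite = line.split()[0].partition("/")
            if entry_suite in ("", suite):  # assumption: no suffix matches any suite
                listed.add(name)
    return listed

def candidates(cve_text, needed_text, release, suite):
    """Open packages (not unimportant, not no-dsa) missing from the needed file."""
    listed = needed_packages(needed_text, suite)
    found = open_packages(cve_text, release)
    return {pkg: sorted(ids) for pkg, ids in found.items() if pkg not in listed}

# Constructed sample data: placeholder CVE ids and made-up package names.
CVE_LIST = """\
CVE-XXXX-0001 (constructed)
\t- alpha <unfixed>
\t[squeeze] - alpha <no-dsa> (Minor issue)
CVE-XXXX-0002 (constructed)
\t- beta <unfixed> (unimportant)
\t- gamma <unfixed>
CVE-XXXX-0003 (constructed)
\t- delta 1.0-2
\t[squeeze] - delta <unfixed>
"""
NEEDED = "gamma/oldstable (someone)\n--\ndelta/stable\n\tconstructed note\n"
```

Calling `candidates(CVE_LIST, NEEDED, "squeeze", "oldstable")` lists only `delta`, since `alpha` is tagged no-dsa, `beta` is unimportant and `gamma` is already in the needed file for oldstable.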