[Secure-testing-team] Introducing <no-dsa>
Moritz Muehlenhoff
jmm at inutil.org
Fri Dec 30 01:39:05 UTC 2005
Hi,
to use the tracker efficiently for stable and oldstable we need a new
resoluton state; <no-dsa>
It should only be used with distribution tags for security-maintained
stable releases and tracks issues, which are present in a release, but
are not considered critical enough to warrant a DSA. The syntax is
as follows:
[distribution-tags] - packagename <no-dsa> (This explains, why there is no DSA)
It is similar to <unfixed>, but has the additional information payload that
the user can sleep safely, even with this unfixed. Plus, it gives some more
transparency why no DSA is coming, compared to the current state where it's
simply left unfixed. The Security Tracker should filter them out somehow, so
that they're somehow separated from the unfixed ones.
Florian, please tell me, when you've added this to the Python-lib and debsecan,
afterwards I'll add some entries to CVE/list.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list