[Secure-testing-team] Recording fixed versions in sarge
Florian Weimer
fw at deneb.enyo.de
Sat Sep 10 21:04:48 UTC 2005
If you don't object, I'd like to add version information for sarge to
the data/CAN/list file. The reason is, of course, that it doesn't
make sense to maintain the CVE mapping in two different places.
The format I want to use is:
- hello 2.1.1-5 (bug #nnn; low)
- hello 2.1.1-4sarge1 (sarge; bug #nnn; low)
The "sarge" flag indicates that this line applies to sarge only.
This format has the disadvantage that some of the data has to be
duplicated. However, I might even need the added flexiblity because
bug archival might force me to file a new bug for sarge, and the
urgency could differ for various reasons.
If this format (and the whole plan) is acceptable, which script files
should I change accordingly? Is checklist the only one?
PS: There are quite a few typos in the packages in the data/CAN/list
file. Maybe it would be a good idea to include package lists in the
repository (without version information because it changes too
rapidly), so that consistency checks could be performed locally? (I
will commit the fixes once my group membership information on costa
has been updated.)
More information about the Secure-testing-team
mailing list