[Secure-testing-team] Recording fixed versions in sarge

Moritz Muehlenhoff jmm at inutil.org
Sun Sep 11 22:44:56 UTC 2005


Florian Weimer wrote:
> If you don't object, I'd like to add version information for sarge to
> the data/CAN/list file.  The reason is, of course, that it doesn't
> make sense to maintain the CVE mapping in two different places.

I'd recommend to wait two more weeks. The infrastructure (especially
wrt tracking stable) might change after the Oldenburg meeting and I
think it would make more sense to discuss this a piece of something
larger.
 
> PS: There are quite a few typos in the packages in the data/CAN/list
> file. 

Thanks for these, there were some really embarassing typos rotting...

> Maybe it would be a good idea to include package lists in the
> repository (without version information because it changes too
> rapidly), so that consistency checks could be performed locally?

This would only be useful for checking new entries, as the package
list is in flux and I'd rather not want to rewrite history. (e.g.
we have several bugs against openwebmail, which is no longer in
the archive). A script like this would be very useful, indeed.

Cheers,
        Moritz




More information about the Secure-testing-team mailing list