[Secure-testing-team] Assigning unique identifiers (CVE?)
Florian Weimer
fw at deneb.enyo.de
Mon Mar 6 22:42:10 UTC 2006
We have a growing list of issues which have not yet received a proper
unique identifier (this is related to Debian bug #352965). Addressing
a few shortcomings in the current database scheme would be easier if I
had a unique identifier for *every* issue.
There are several approaches:
* Use the description (in [brackets]) as the unqiue identifier. The
downside is that we still won't have really stable identifiers for
non-CVE issues.
* Assign Debian Vulnerability Names (DVNs) for issues which are too
minor/obscure for CVE, based on a simple scheme which still needs
to be developed.
* Get MITRE to train some more Debian people on CVE assignment, and
use CVEs exclusively.
* Get rid of that Subversion crap and use a real database as master
source (just kidding).
What do you think? Personally, I tend towards DVNs.
More information about the Secure-testing-team
mailing list