[Secure-testing-team] Assigning unique identifiers (CVE?)
Florian Weimer
fw at deneb.enyo.de
Wed Mar 8 18:31:17 UTC 2006
* Moritz Muehlenhoff:
>> * Use the description (in [brackets]) as the unqiue identifier. The
>> downside is that we still won't have really stable identifiers for
>> non-CVE issues.
>
> I don't think we've ever changed a temporary description in brackets so
> far, so that would be my preferred solution.
Okay, in this case, this is probably the way to go. If we keep the
text in square brackets once we switch from CVE-2006-XXXX to the real
CVE name, I might even be able to automatically infer the transition
of the internal identifier (used by debsecan) to the CVE ID.
> Nothing is too minor for MITRE, it's just that someone need to push it
> to them. But we should track this process in SVN, e.g. with a short file
> who did it, when at and at what time we pinged them etc.
I doubt that the Subversion repository is best suited to this kind of
task, but I'll shut up until I can offer something better. 8-)
More information about the Secure-testing-team
mailing list