[Secure-testing-team] Assigning unique identifiers (CVE?)
Florian Weimer
fw at deneb.enyo.de
Fri Mar 10 07:39:25 UTC 2006
* Moritz Muehlenhoff:
>> Okay, in this case, this is probably the way to go. If we keep the
>> text in square brackets once we switch from CVE-2006-XXXX to the real
>> CVE name, I might even be able to automatically infer the transition
>> of the internal identifier (used by debsecan) to the CVE ID.
>
> Good, will this database rework include support for distribution specific
> discards of not-affected and no-dsa? (At least in the web display)
> That would be great, because the web display is getting noisy.
Yes, this should be possible to implement. In the existing framework,
this is rather difficult (or it would involve code duplication between
the SQL and Python parts).
> The best solution would be if a single person volunteers to handle the
> backlog, keeping track of what has already been sent and pings
> where necessary.
Uhm, this requires network access, which is a bit scarce for me right
now. I'll concentrate on the infrastructure stuff. Maybe later, once
I've moved closer to my workplace.
More information about the Secure-testing-team
mailing list