[Secure-testing-team] Re: oooold CVEs

Alec Berryman alec at thened.net
Mon May 22 21:35:26 UTC 2006


Stefan Fritsch on 2006-05-22 23:12:02 +0200:

> Personally, I think there are better ways to spent your time than on
> those old issues which are long fixed or have become irrelevant.
>
> Maybe one should remove the TODO-lines from them (I think there was
> some discussion about this before). This way the webpage would give a
> reasonable estimate about the number of open TODO issues, too.
> 
> What do you (and the others) think?

Thank you for your concern.  The really old NFUs were the result of fun
with vim macros during a Battlestar Galactica marathon.  I have no plan
to go through the entire CVE list :) but hoped to get the tracker todo
loading a bit quicker by removing the ones obviously relating to
Microsoft, Cisco, and the like.  It didn't work so well - must be too
many PHP bulletin boards out there.

I pinged Florian a few days ago about hiding the really old CVEs and he
mentioned two things: a few of them apparently haven't been fixed, and
that there used to be a cutoff marker.  The ones that haven't been fixed
are unlikely to be severe, so I'm not worried about those at this point.
I poked around for a few minutes but didn't find the marker in old
revisions, and after an equally brief inspection of the tracker I didn't
find code to recognize such a marker; I'll probably send in a patch for
the tracker to optionally hide old CVEs.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060522/76f93d2d/attachment.pgp


More information about the Secure-testing-team mailing list