[Secure-testing-team] References to Secunia IDs
Raphael Geissert
atomo64+debian at gmail.com
Wed Nov 19 22:07:27 UTC 2008
Moritz Muehlenhoff wrote:
> When filing bugs, please don't ask maintainers to refer to Secunia IDs.
> The entries in there are often poorly researched and not suitable as
> unique references among distributions. Rather point them to the CVE
> entry or - if not yet available - tell them that a CVE ID is going
> to be requested.
This is what I have on my template:
> If you fix the vulnerability please also make sure to include the SA id (or
> the CVE id when one is assigned) in the changelog entry.
Do I really need to mention that "a CVE ID is going to be requested"?
I believe it is better to have a Secunia ID than no other information to easily
identify the issue. Or should I stop asking for that?
>
> Cheers,
> Moritz
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
More information about the Secure-testing-team
mailing list