[Secure-testing-team] References to Secunia IDs
Raphael Geissert
atomo64+debian at gmail.com
Thu Nov 20 21:20:54 UTC 2008
Florian Weimer wrote:
> * Raphael Geissert:
>
>> I believe it is better to have a Secunia ID than no other
>> information to easily identify the issue. Or should I stop asking
>> for that?
>
> We should really concentrate on CVEs.
I never said we shouldn't.
I just though that having some sort of id when a CVE isn't known/assigned would
be better than none (one could argue that the BTS' bug id is...).
> The United States haven't got a
> notion of database copyright, so their naming service won't have any
> IPR issues. In addition, we've got local copies of their database.
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
More information about the Secure-testing-team
mailing list