[Secure-testing-team] [Secure-testing-commits] r12161 - data/CVE

Michael S. Gilbert michael.s.gilbert at gmail.com
Mon Jun 22 01:14:05 UTC 2009


On Sun, 21 Jun 2009 21:33:10 +0200 Moritz Muehlenhoff wrote:

> On Fri, Jun 19, 2009 at 04:28:53PM -0400, Michael S. Gilbert wrote:
> > On Fri, 19 Jun 2009 22:13:32 +0200, Giuseppe Iuculano wrote:
> > > Michael S. Gilbert ha scritto:
> > > > i don't see the need for this reversion.  if the tracker has these new
> > > > versions, which have not yet entered the archive, then it does not mark
> > > > the older version (that's still in the archive) as fixed or anything
> > > > that would be confusing or incorrect. in fact, i think that it is more
> > > > useful to track the fixed version whether or not it has entered the
> > > > archive yet.
> > > > 
> > > > maybe i've missed something?  what is the philosophy behind this
> > > > decision?
> > > 
> > > As Moritz pointed me out, adding entries for packages accepted in stable but not
> > > yet entered in the archive makes more difficult to track issues which still need
> > > to be addressed for a DSA.
> > 
> > yes, but all of these are for a an upcoming point release, correct?  and
> > hence will not be involved in any upcoming DSA?  from my perspective,
> > that doesn't make tracking TODO DSAs any more difficult.
> > 
> > i still don't see the problem.
> 
> All these issues still need to be marked no-dsa until the fixed package
> has actually been released with a point release.

ok, i see now.  the philosophy here is prevent these issues from
popping up in the tracker as presently affected (via the <no-dsa> tag).

Dann Frasier's <pending> idea (bug #482577) would be useful in this type
of situation.

mike



More information about the Secure-testing-team mailing list