Re: Sub-release information on per-source-package page

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Florian Weimer <fw@deneb.enyo.de>, debian-security-tracker@lists.debian.org
Subject: Re: Sub-release information on per-source-package page
From: Raphael Hertzog <hertzog@debian.org>
Date: Wed, 27 May 2015 10:14:09 +0200
Message-id: <[🔎] 20150527081409.GC18170@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, Florian Weimer <fw@deneb.enyo.de>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 20150525130048.GA30704@inutil.org>
References: <[🔎] 87oala0xh3.fsf@mid.deneb.enyo.de> <[🔎] 20150524165904.GA11618@inutil.org> <[🔎] 87r3q5zy0v.fsf@mid.deneb.enyo.de> <[🔎] 20150524173103.GA28251@pisco.westfalen.local> <[🔎] 20150525041846.GA22018@eldamar.local> <[🔎] 20150525130048.GA30704@inutil.org>

On Mon, 25 May 2015, Moritz Muehlenhoff wrote:
> > If I understand the approach correctly, this mean we could as well add
> > the fixed versions through (o)s-pu directly to the data/CVE/list once
> > accepted by the stable release managers instead of keeping them in
> > separate list data/next-(oldstable-)point-update.txt and merge it at
> > point release time?
> 
> I don't think anything would change wrt spu/ospu?
> People don't have spu in their apt sources, so a fix is really only
> visible to them once it has moved into stable proper.

Correct but that is not a problem since the security tracker doesn't
watch spu/opu... so we can put version numbers of packages which are there
and let the tracker decide that the corresponding CVE are still open
since the fixed versions are not yet in stable/oldstable.

IMO the usage of this intermediary file is a nuisance that hides useful
information in the tracker...

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to:

References:
- Sub-release information on per-source-package page
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Sub-release information on per-source-package page
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Sub-release information on per-source-package page
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Sub-release information on per-source-package page
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: Sub-release information on per-source-package page
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Re: Sub-release information on per-source-package page
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: External check
Next by Date: upgrading soler.d.o
Previous by thread: Re: Sub-release information on per-source-package page
Next by thread: Re: Sub-release information on per-source-package page
Index(es):
- Date
- Thread