Bug#603934: packages.debian.org: CVE links in changelogs should point to security-tracker.debian.org
On Fri, Nov 19, 2010 at 01:40:21PM +0100, Gerfried Fuchs wrote:
> ... replying to myself:
> * Gerfried Fuchs <firstname.lastname@example.org> [2010-11-19 13:37:12 CET]:
> > * Jakub Wilk <email@example.com> [2010-11-18 17:05:40 CET]:
> > > CVE links in changelogs point currently to
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-XXXX-XXXX
> > >
> > > It would be nice if they pointed to
> > > http://security-tracker.debian.org/CVE-XXXX-XXXX
> > Is this fine with the security team? I'm not sure wether the additional
> > load for the tracker code would be working of if you'd rather not have
> > it pointing there.
> I guess the same question could be raised with respect to in the DSAs
> on the website. I'm not that convinced anymore that it is that well of
> an idea to have the links in one part pointing to mitre and in a
> different one to the security-tracker, so the decision should be done
> for both.
I don't think this poses a problem load-wise.