Re: Freeze Please?

To: debian-devel@lists.debian.org
Subject: Re: Freeze Please?
From: "Marcelo E. Magallon" <mmagallo@debian.org>
Date: Fri, 7 Feb 2003 09:19:19 +0100
Message-id: <[🔎] 20030207081919.GA1563@informatik.uni-stuttgart.de>
Mail-followup-to: "Marcelo E. Magallon" <mmagallo@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030207043039.GB31736@homer.opus.geek>
References: <[🔎] E18gVqQ-0002Oa-00@snot.cs.unm.edu> <[🔎] 20030205214629.GA27688@maybe.net> <[🔎] 20030206050309.GB25259@azure.humbug.org.au> <[🔎] 20030206080552.GA28260@informatik.uni-stuttgart.de> <[🔎] 20030206143849.GA3236@azure.humbug.org.au> <[🔎] 20030206182226.GB5030@informatik.uni-stuttgart.de> <[🔎] 20030207041015.GD17980@azure.humbug.org.au> <[🔎] 20030207043039.GB31736@homer.opus.geek>

On Thu, Feb 06, 2003 at 10:30:39PM -0600, Graham Wilson wrote:

 > is there an easy way (or any way, for that matter) to find out which
 > security bugs affect testing?

 Not that I know of.  Take for example wget.  There was a security
 update with release 1.8.2-8; testing has 1.8.2-5.  DSA-209-1.  AFAICS
 the version in testing is still vulnerable.

 I think the first step is documenting the vulnerabilities.

 The easiest way for archieving this is going thru all the DSAs,
 checking the version they affect and checking the version in testing,
 then checking the reported bugs and filing bugs tagged "security,
 sarge" (or tagging existing ones) and setting the severity to critical.

 Who wants to help?

-- 
Marcelo

Reply to:

Follow-Ups:
- Re: Freeze Please?
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Freeze Please?
  - From: Barak Pearlmutter <bap@cs.unm.edu>
- Re: Freeze Please?
  - From: Chris Jantzen <chris@maybe.net>
- Re: Freeze Please?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Freeze Please?
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>
- Re: Freeze Please?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Freeze Please?
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>
- Re: Freeze Please?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Freeze Please?
  - From: Graham Wilson <bob@decoy.wox.org>

Prev by Date: Re: Freeze Please?
Next by Date: Re: Compiling Debian packages for DJGPP ?
Previous by thread: Re: Freeze Please?
Next by thread: Re: Freeze Please?
Index(es):
- Date
- Thread