[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Good communication with upstream is good idea

On Mon, 21 Jul 2008 21:59:37 +0200
Florian Weimer <fw@deneb.enyo.de> wrote:

> * Stephan Hermann:
> 
> >> What's the correct way to get it out of Unbuntu (universe)?  I
> >> don't want to relicense it, but if asking politely does not work,
> >> it seems to be my only choice.
> 
> > What needs to be done to make it work on Ubuntu, too?
> 
> debsecan needs to be patched to download CVE meta-data from Launchpad,
> and someone needs to maintain the data in Launchpad.
> 

So, we need somehow the CVE data from LP or from a source which is
being trusted by Ubuntu...
A relation between open CVEs in Ubuntu packages and closed CVEs in
ubuntu-security packages...

I don't know how far the LP guys are in giving out this data, but I
know that we have the CVE tracker of Ubuntu (kees, jd, emgent
please jump in and fill in any gaps ;)) and we could use this data,
right?

Now I need to find the time to check the source in general, and how
difficult it will to patch it to our needs...and to make Florian
happy :)

\sh
Reply to: