Re: Package dependency versions and consistency

To: debian-devel@lists.debian.org
Subject: Re: Package dependency versions and consistency
From: Paul Wise <pabs@debian.org>
Date: Fri, 25 Dec 2020 06:36:12 +0000
Message-id: <[🔎] CAKTje6EZphzMakB+n-DhNahppmWj+iyvLbDihGsu2RtPDyq6QQ@mail.gmail.com>
In-reply-to: <[🔎] 20201222220100.GA6924@localhost>
References: <[🔎] 160820908322.3822905.3803292725902751282@auryn.jones.dk> <X91Ib/s8eQ4bt0NE@localhost> <[🔎] 20201222220100.GA6924@localhost>

On Tue, Dec 22, 2020 at 10:24 PM Adrian Bunk wrote:

> To me it always feels as if these ecosystems are not interested in
> providing any support for that.

NPM at least provides security advisories. I used to try syncing those
to the Debian sectracker but don't bother now as it is too much work
to do manually and I don't think the Debian secteam want automatic
importing of non-CVE security issue databases.

https://www.npmjs.com/advisories

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

References:
- Re: How should we handle greenbone-security-assistant?
  - From: Jonas Smedegaard <jonas@jones.dk>
- Package dependency versions and consistency
  - From: Josh Triplett <josh@joshtriplett.org>
- Re: Package dependency versions and consistency
  - From: Adrian Bunk <bunk@debian.org>

Prev by Date: Re: Do I need a sponsor to submit a new package?
Next by Date: Bug#978053: ITP: golang-github-logrusorgru-grokky -- pure Golang Grok-like library
Previous by thread: Re: Package dependency versions and consistency
Next by thread: Re: Package dependency versions and consistency
Index(es):
- Date
- Thread