Bug#787929: lintian: warn against security-tracker TEMP references in changelog

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#787929: lintian: warn against security-tracker TEMP references in changelog
From: Jakub Wilk <jwilk@debian.org>
Date: Sat, 6 Jun 2015 15:09:52 +0200
Message-id: <[🔎] 20150606130952.GA582@jwilk.net>
Reply-to: Jakub Wilk <jwilk@debian.org>, 787929@bugs.debian.org

Package: lintian
Version: 2.5.31
Severity: wishlist

In #785254, Salvatore Bonaccorso wrote:

On Wed, May 13, 2015 at 10:53:22PM +0200, Daniel Stender wrote:
+  * add fix-insecure-use-of-tmp-when-calling-c44.diff, fix
+    of security issue TEMP-0784889-495CCA, see #784888 (closed
+    in Sid by 0.4-1).
Do not use these temporary items since they can change over time (e.g.when a CVE is assigned they do not exist anymore, or even if we changesome metadata in the security-tracker. So I suggest to just write anexpalanation what the issue is, or -- if a CVE is assigned -- includethe CVE id.

DCS finds a few cases where such a temporary identifier was used in achangelog:

https://codesearch.debian.net/search?q=\bTEMP-[0-9]%2B-[0-9A-F]%2B\b+path%3Achangelog

It would be nice if Lintian could catch such mistakes.

--
Jakub Wilk

Reply to:

Prev by Date: Bug#787853: lintian: Do not complain about lack of LFS from local implementations
Next by Date: Bug#787930: [checks/po-debconf] uses TEMPDIR instead of TMPDIR
Previous by thread: Bug#787853: lintian: Do not complain about lack of LFS from local implementations
Next by thread: Bug#787930: [checks/po-debconf] uses TEMPDIR instead of TMPDIR
Index(es):
- Date
- Thread