[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: lts-cve-triage.py: patch to check no-dsa tags in already triaged issues


El 25/08/15 a las 14:33, Raphael Hertzog escribió:
> Hi,
> On Mon, 24 Aug 2015, Santiago Ruano Rincón wrote:
> > The attached patch makes lts-cve-triage.py to check if already triaged
> > issues have been tagged no-dsa in the next distribution. Do you think
> > it's ok? May I push/commit the changes?
> I don't have a problem with your patch. But if we add something to
> dla-needed.txt and we send a mail to maintainers telling then
> that we want to fix an issue, and afterwards we end up tagging it
> as no-dsa, I find this bad.

For the record, before tagging CVE-2015-5180 as no-dsa and sending the
email to the eglibc maintainers, I searched for a previous related mail,
but I didn't find any.

> Thus it would be better if we fixed packages listed in dla-needed.txt
> even if the security team tagged the same issues as no-dsa afterwards.
> What do you think?

I don't know. Is the no-dsa tag aimed to prioritize tasks or to avoid to
upload unworthy changes, especially on important packages?
Anyway, I suppose that depends on the issue and the package. For simple
fixes, I agree with you (and then, I'll upload the pending fixes in ruby1.8
and ruby1.9.1).



Attachment: signature.asc
Description: Digital signature

Reply to: