
Re: No DLA for xen, librsvg, libidn?



Antoine Beaupré <anarcat@orangeseeds.org> writes:
> I wonder if some of that stuff should be automated. I am fairly new with
> the security process, how often do mistakes like this happen anyways?
>
> And how hard would it be to automate this?

I would suggest a more useful thing to automate would be filling in more
details in the template email "bin/gen-DLA --save" creates. For example,
it could automatically pull in a summary for each CVE from data/CVE/list
and insert it in the template email. If you are only closing one CVE it
doesn't make a huge difference (except perhaps as an additional sanity
check you listed the correct CVE), if there are many CVEs the risk of
error in filling out details for one of the CVEs by hand increases. It
could also add more standardised text (such as "This is fixed in version
X; we recommend you upgrade.").
-- 
Brian May <bam@debian.org>
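
A sketch of the automation suggested in the message above, as an added example that is not part of the original mail and is not code from bin/gen-DLA. It assumes data/CVE/list entries start with an unindented "CVE-ID (summary)" line followed by indented annotation lines; the CVE ids, package name and the function names are constructed placeholders.

```python
import re

# Constructed sample in the assumed data/CVE/list layout: a header line
# "CVE-ID (summary)" followed by tab-indented annotation lines.
SAMPLE_LIST = """\
CVE-0000-0001 (Constructed entry: heap overflow in examplepkg image parser ...)
\t- examplepkg 1.2-3
CVE-0000-0002 (Constructed entry: NULL dereference in examplepkg on empty input)
\t- examplepkg 1.2-3
CVE-0000-0003
\tRESERVED
"""

HEADER = re.compile(r"^(CVE-\d{4}-\d+)(?:\s+\((.*)\))?\s*$")


def load_summaries(text):
    """Map CVE id -> summary (None when the entry carries no description)."""
    summaries = {}
    for line in text.splitlines():
        if line[:1].isspace():
            continue  # indented annotation line, not an entry header
        m = HEADER.match(line)
        if m:
            summaries[m.group(1)] = m.group(2)
    return summaries


def advisory_body(cve_ids, fixed_version, summaries):
    """Build the per-CVE text for the advisory template (hypothetical helper)."""
    # Sanity check: refuse ids that are not in the list at all, which
    # catches a mistyped CVE before the mail is sent.
    unknown = [c for c in cve_ids if c not in summaries]
    if unknown:
        raise KeyError("not in CVE list: " + ", ".join(unknown))
    parts = []
    for cve in cve_ids:
        text = summaries[cve] or "(no summary in list; fill in by hand)"
        parts.append(cve + "\n\n    " + text)
    parts.append("This is fixed in version %s; we recommend you upgrade."
                 % fixed_version)
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    known = load_summaries(SAMPLE_LIST)
    print(advisory_body(["CVE-0000-0001", "CVE-0000-0002"], "1.2-3+deb7u1", known))
```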

