Re: No DLA for xen, librsvg, libidn?



On 2016-05-19 19:22:18, Brian May wrote:
> Antoine Beaupré <anarcat@orangeseeds.org> writes:
>> I wonder if some of that stuff should be automated. I am fairly new with
>> the security process, how often do mistakes like this happen anyways?
>>
>> And how hard would it be to automate this?
>
> I would suggest a more useful thing to automate would be filling in more
> details in the template email "bin/gen-DLA --save" creates. For example,
> it could automatically pull in a summary for each CVE from data/CVE/list
> and insert it in the template email. If you are only closing one CVE it
> doesn't make a huge difference (except perhaps as an additional sanity
> check you listed the correct CVE), if there are many CVEs the risk of
> error in filling out details for one of the CVEs by hand increases. It
> could also add more standardised text (such as "This is fixed in version
> X; we recommend you upgrade.").

Actually - I often parse this from the debian/changelog.

a.
-- 
Work, from the Latin Tri Palium, three stakes, an instrument of torture.

