Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)
On Fri, Oct 21, 2016 at 11:30:04AM +0100, Chris Lamb wrote:
> Guido Günther wrote:
> > I'd just use bin/report-vuln ?
> … one of these days I'm going to look at everything in bin/* and actually
> remember what it does :)
> (Yay, for saving myself writing such a thing!)
> > I'd say unstable and then "found".
> How come, out of interest? AIUI the tradeoff here is that if the "found" step
> gets skipped, the BTS does not believe it is vulnerable and thus it won't get
> (correctly) kicked out of testing, etc. etc.
IIRC if we file against wheezy not all newer versions get marked as
affected (but I might be wrong) so there is a found/notfound step
involved in either case atm.