Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)
On Fri, Oct 21, 2016 at 11:30:04AM +0100, Chris Lamb wrote:
> Guido Günther wrote:
>
> > I'd just use bin/report-vuln ?
>
> … one of these days I'm going to look at everything in bin/* and actually
> remember what it does :)
>
> (Yay, for saving myself writing such a thing!)
>
> > I'd say unstable and then "found".
>
> How come, out of interest? AIUI the tradeoff here is that if the "found" step
> gets skipped, the BTS does not believe it is vulnerable and thus it won't get
> (correctly) kicked out of testing, etc. etc.
IIRC if we file against wheezy not all newer versions get marked as
affected (but I might be wrong) so there is a found/notfound step
involved in either case atm.
Cheers,
-- Guido
Reply to: