Re: Dealing with renamed source packages during CVE triaging

To: Raphael Hertzog <hertzog@debian.org>, debian-lts@lists.debian.org
Subject: Re: Dealing with renamed source packages during CVE triaging
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 28 Mar 2017 15:19:56 +0200
Message-id: <[🔎] 20170328131956.GA7711@inutil.org>
In-reply-to: <[🔎] 20170328131141.zu3acjdk633lsn44@home.ouaza.com>
References: <[🔎] 20170328131141.zu3acjdk633lsn44@home.ouaza.com>

On Tue, Mar 28, 2017 at 03:11:41PM +0200, Raphael Hertzog wrote:
> Hello,
> 
> So it looks like we have to tweak our worflow and/or build something
> to make sure that we do not miss to handle issues in such packages.
> What do you think ? What would be the proper approach ?

I'd suggest a cron job running once or twice per day, which keeps
a table of (current source package name / old source package name(s))
and adds SOURCEPACKAGE <undetermined> for the older source package.
These can then be set to <unfixed> or <not-affected> after manual
triage.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Dealing with renamed source packages during CVE triaging
  - From: Raphael Hertzog <hertzog@debian.org>

References:
- Dealing with renamed source packages during CVE triaging
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Dealing with renamed source packages during CVE triaging
Next by Date: Re: Dealing with renamed source packages during CVE triaging
Previous by thread: Dealing with renamed source packages during CVE triaging
Next by thread: Re: Dealing with renamed source packages during CVE triaging
Index(es):
- Date
- Thread