Re: Dealing with renamed source packages during CVE triaging
On Tue, Mar 28, 2017 at 03:11:41PM +0200, Raphael Hertzog wrote:
> So it looks like we have to tweak our worflow and/or build something
> to make sure that we do not miss to handle issues in such packages.
> What do you think ? What would be the proper approach ?
I'd suggest a cron job running once or twice per day, which keeps
a table of (current source package name / old source package name(s))
and adds SOURCEPACKAGE <undetermined> for the older source package.
These can then be set to <unfixed> or <not-affected> after manual