Re: Dealing with renamed source packages during CVE triaging
On Tue, 28 Mar 2017, Moritz Muehlenhoff wrote:
> I'd suggest a cron job running once or twice per day, which keeps
> a table of (current source package name / old source package name(s))
> and adds SOURCEPACKAGE <undetermined> for the older source package.
> These can then be set to <unfixed> or <not-affected> after manual
Why this and not the usual "SOURCEPACKAGE <removed>" tag followed by
a codename-specific tag added after triaging: "[wheezy] SOURCEPACKAGE
<not-affected>" if needed?
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/