[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Dealing with renamed source packages during CVE triaging

On Tue, 28 Mar 2017, Moritz Muehlenhoff wrote:
> I'd suggest a cron job running once or twice per day, which keeps
> a table of (current source package name / old source package name(s))
> and adds SOURCEPACKAGE <undetermined> for the older source package.
> These can then be set to <unfixed> or <not-affected> after manual
> triage.

Why this and not the usual "SOURCEPACKAGE <removed>" tag followed by
a codename-specific tag added after triaging: "[wheezy] SOURCEPACKAGE
<not-affected>" if needed?

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to: