
Re: Dealing with renamed source packages during CVE triaging



On Tue, Mar 28, 2017 at 03:55:12PM +0200, Raphael Hertzog wrote:
> On Tue, 28 Mar 2017, Moritz Muehlenhoff wrote:
> > I'd suggest a cron job running once or twice per day, which keeps
> > a table of (current source package name / old source package name(s))
> > and adds SOURCEPACKAGE <undetermined> for the older source package.
> > These can then be set to <unfixed> or <not-affected> after manual
> > triage.
> 
> Why this and not the usual "SOURCEPACKAGE <removed>" tag followed by
> a codename-specific tag added after triaging: "[wheezy] SOURCEPACKAGE
> <not-affected>" if needed?

That's also fine, since usually the older versions happen to be affected
in most cases.

Cheers,
        Moritz

