Re: [tracker] New sub-states for issues tagged no-dsa
Hi,
On Fri, Aug 11, 2017 at 09:01:37PM +0200, Sébastien Delafond wrote:
> After some discussion about what no-dsa really means, I've added 2 new
> sub-states to the tracker, and they can be used as follows:
>
> CVE-2018-10012345
> - foo <unfixed> (bug #9876543)
> [stretch] - shadow <postponed> (Minor issue, later)
> [jessie] - shadow <postponed> (Minor issue, later)
> [wheezy] - shadow <postponed> (Minor issue, later)
> CVE-2018-10012346
> - foo <unfixed> (bug #9876542)
> [stretch] - shadow <ignored> (maintainer choice)
> [jessie] - shadow <ignored> (maintainer choice)
> [wheezy] - shadow <ignored> (maintainer choice)
>
> The actual state will still be "no-dsa" in both cases, but hopefully the
> sub-state clears things up as to *why* we chose no-dsa.
This is awesome and will make it much clearer why s.th. is actually
no-dsa. We can now also go through postponed issues and check whether
they actually got fixed in a point release.
Cheers,
-- Guido
>
> The per-issue web views does expose those sub-states, see for instance
> libemail-address-perl[1] and cacti[2], and the status pages[3][4][5]
> allow to filter on them (someone with actual web skills should probably
> make it so that checking "include issues tagged <ignored/postponed>"
> automatically checks "include issues tagged <no-dsa>").
>
> Cheers,
>
> --Seb
>
> [1] https://security-tracker.debian.org/tracker/source-package/libemail-address-perl
> [2] https://security-tracker.debian.org/tracker/source-package/cacti
> [3] https://security-tracker.debian.org/tracker/status/release/stable
> [4] https://security-tracker.debian.org/tracker/status/release/oldstable
> [5] https://security-tracker.debian.org/tracker/status/release/oldoldstable
>
Reply to: