Re: finding packages after no-dsa

[Ola Lundqvist <ola@inguza.com>]

Hi

Isn't the main question whether postponed for LTS is relevant? Either it should be ignored or fixed.

The trigger should be that if main Security team has marked something as posponed it should be listed in the wheezy todo list until it is marked as ignored.

If we decide to ignore it then it should go away.

I do not think we really have the possibility to postpone issues in LTS, right?

// Ola

On 11 April 2018 at 21:45, Antoine Beaupré <anarcat@orangeseeds.org> wrote:

On 2018-04-11 15:27:33, Antoine Beaupré wrote:
> Note that the script does *not* detect `postponed` at all right now,
> which means postponed issues are in a state worse than `no-dsa` right
> now: they just go off the radar completely.

Okay, nevermind: postponed comes out as "nodsa" in the JSON dump, so we
do the right thing there. Still, I guess the underlying question remains
overall: do we want to depend on the main security team to followup on
those issues?

--
Arguing for surveillance because you have nothing to hide is no
different than making the claim, "I don't care about freedom of speech
because I have nothing to say."
                        - Edward Snowden

--

 --- Inguza Technology AB --- MSc in Information Technology ----

/  ola@inguza.com                    Folkebogatan 26            \

|  opal@debian.org                   654 68 KARLSTAD            |

|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

 ---------------------------------------------------------------