Hi all,the last days I found the data/dla-needed.txt in the security-tracker Git repo rather empty, no new work-needing packages have been added by LTS frontdesk and I wonder the following things:
* are we behind with LTS CVE triaging? * is the security team behind with CVE triaging and LTS waits for the security team to triage issues first? * is extra CVE triaging for LTS only? * is extra CVE triaging required for non-LTS and the security team could need a hand?When I look into the output of bin/lts-cve-triage.py, I see many CVE issues with state "undetermined" for jessie. When I look into the security-tracker's WebUI, it shows that most of them are also undetermined for all other versions of Debian.
Overall question, do we have spots in our workflow where man power is needed right now other than with fixing packages?
Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgpxj_DNNe4uT.pgp
Description: Digitale PGP-Signatur