Don't use temporary identifiers from the Security Tracker in advisories

To: debian-lts@lists.debian.org
Subject: Don't use temporary identifiers from the Security Tracker in advisories
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 5 Dec 2018 08:17:43 +0100
Message-id: <[🔎] 20181205071743.qmabae7vjj2znsge@inutil.org>

Wrt https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html

The internal IDs from the tracker _not_ meant for external publication,
this will only lead to stupid chain reactions where external parties
pick them up and then they perpetuate.

Either simply write "no CVE allocated" or rather do the right thing
and request an ID via https://cveform.mitre.org

Cheers,
        Moritz

Reply to:

Prev by Date: ELTS November Report
Next by Date: openssl 1.0 support on stretch LTS
Previous by thread: ELTS November Report
Next by thread: openssl 1.0 support on stretch LTS
Index(es):
- Date
- Thread