Re: script to review no-dsa packages fixed in LTS-1 and TLS+1
On 07/07/2020 17:00, Roberto C. Sánchez wrote:
> On Tue, Jul 07, 2020 at 04:37:30PM +0200, Emilio Pozuelo Monfort wrote:
>> I've worked on a script to find these cases so they can be reviewed. It doesn't
>> consider packages that have been fixed in lts+1 via unstable, but only those that
>> have been explicitly fixed there via DSA or point release. I could change that, but
>> for now there's enough CVEs to review so let's start with that.
> This sounds very close to the issue lts-team/lts-extra-tasks#11. You
> made a preliminary comment a week ago saying you would likke into it.
> Would you mind updating that issue with your work-in-progress?
Done. That would be in  if anybody feels like reviewing it.
> you should consider assigning it to yourself to ensure that there is not
> duplication of effort.
I think I did that :-)