Re: What pain points exist in the current security-tracker structure?

[Adrian Bunk <bunk@debian.org>]

On Sun, Apr 06, 2025 at 07:33:22PM +0200, Bastien Roucaries wrote:
> Le dimanche 6 avril 2025, 09:25:58 heure d’été d’Europe centrale Roberto C. 
> Sánchez a écrit :
>...
> > As one example, some time ago I encountered the issue of the size of
> > data/CVE/list, specifically in the context of a git blame operation
> > taking a few hours to complete. I became convinced that data/CVE/list
> > needs to be split. As I've done some research on the topic, the answer
> > to that is far from clear. I'm less convinced now that "split
> > data/CVE/list" is the de facto right solution, and I'm definitely
> > convinced that a big change here will not be accepted without many good
> > reasons and proof that doesn't also include some massive drawbacks.
> 
> split per year will help here.
>...

Which is not easy, see
https://salsa.debian.org/security-tracker-team/security-tracker-service/-/issues/1

cu
Adrian