Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
- To: Paul Wise <pabs@debian.org>, 761730@bugs.debian.org, 761859@bugs.debian.org, Holger Levsen <holger@layer-acht.org>, debian-security-tracker@lists.debian.org
- Subject: Bug#761730: tracker.d.o: please provide links to https://security-tracker.debian.org/tracker/source-package/$PKG
- From: Raphael Hertzog <hertzog@debian.org>
- Date: Wed, 18 Feb 2015 11:14:11 +0100
- Message-id: <[🔎] 20150218101411.GA9684@home.ouaza.com>
- Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Paul Wise <pabs@debian.org>, 761730@bugs.debian.org, 761859@bugs.debian.org, Holger Levsen <holger@layer-acht.org>, debian-security-tracker@lists.debian.org
- Reply-to: Raphael Hertzog <hertzog@debian.org>, 761730@bugs.debian.org
- In-reply-to: <20140916074457.GC25130@x230-buxy.home.ouaza.com>
- References: <201409160108.25028.holger@layer-acht.org> <CAKTje6GiHFkL=y01oOmWxzFuSFd9UQhc1BKQSQBcP4HZimxpBQ@mail.gmail.com> <20140916074457.GC25130@x230-buxy.home.ouaza.com>
Hi,
On Tue, 16 Sep 2014, Raphael Hertzog wrote:
> Let's not continue that bad tradition. If anything it should provide
> either YAML or JSON with something structured:
>
> bind9:
> squeeze:
> open:
> - CVE-XXX
> - CVE-YYY
> open-unimportant:
> - ...
> resolved:
> - ...
> wheezy:
> ...
One thing that comes to my mind is that we probably also want the
associated Debian bug number when there's an associated bug report.
So instead of a plain CVE identifier we probably want a hash:
{ 'id': 'CVE-XXXX-XXXX', 'bug': '12345', 'severity': 'low' }
That way we could also export the severity and easily add more data
in case of future needs.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: