Reminder of the claim mechanism
Hi,
since several people are processing CVE IDs these days I'd like to
remind of the claim mechanism we used some time ago. This could
prevent some wasted work. However, if the current system works fine
for everyone, just stay with it:
Processing TODO entries
-----------------------
The Mitre update typically manifests in new CVE entries. So what we do
is to update our svn repository and then edit data/CVE/list and look
for new TODO entries. These will often be in blocks of 10-50 or so,
depending on how many new issues they have assigned. Depending on how
you feel you will "claim" a block of say 10 new entries by
putting your name in the file at the beginning and the end of the new
TODO entries and then commit the repository. This looks like this:
begin claimed by jmm
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP
usernams and ...)
TODO: check
CVE-2005-4065 (SQL injection vulnerability in the search module in
Edgewall Trac ...)
TODO: check
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums
before 1.5.1 allows ...)
TODO: check
end claimed by jmm
Once these are checked-in, then others will not do work on these TODO
issues.
Cheers,
Moritz
Reply to: