Reminder of the claim mechanism

To: debian-security-tracker@lists.debian.org
Subject: Reminder of the claim mechanism
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 16 Oct 2007 23:28:25 +0200
Message-id: <[🔎] 20071016212825.GA4406@galadriel.inutil.org>

Hi,
since several people are processing CVE IDs these days I'd like to
remind of the claim mechanism we used some time ago. This could
prevent some wasted work. However, if the current system works fine
for everyone, just stay with it:

   Processing TODO entries
   -----------------------
   The Mitre update typically manifests in new CVE entries. So what we do
   is to update our svn repository and then edit data/CVE/list and look
   for new TODO entries. These will often be in blocks of 10-50 or so,
   depending on how many new issues they have assigned. Depending on how
   you feel you will "claim" a block of say 10 new entries by
   putting your name in the file at the beginning and the end of the new
   TODO entries and then commit the repository. This looks like this:

   begin claimed by jmm
   CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP
   usernams and ...)
            TODO: check
   CVE-2005-4065 (SQL injection vulnerability in the search module in
   Edgewall Trac ...)
            TODO: check
   CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums
   before 1.5.1 allows ...)
            TODO: check
   end claimed by jmm

   Once these are checked-in, then others will not do work on these TODO
   issues.

Cheers,
        Moritz

Reply to:

Prev by Date: Re: [Secure-testing-commits] r6972 - data/CVE
Next by Date: Re: [Secure-testing-commits] r6997 - data/CVE
Previous by thread: Re: [Secure-testing-commits] r6972 - data/CVE
Next by thread: Re: [Secure-testing-commits] r6997 - data/CVE
Index(es):
- Date
- Thread