Hi Dann, * dann frazier <dannf@debian.org> [2008-05-23 20:40]: > Package: security-tracker > > I've been trying to use the tracker repository more actively for > tracking kernel updates and so far it is going pretty well. One > feature request I have is the ability to mark an issue as > pending. Usually multiple issues are queued up for a kernel DSA, and > its nice to be able to filter out issues that have already been > committed to the kernel repository. > > I know I could use NOTEs for this, but I'd prefer to be able to note > this on a per-package basis. Something like the following would work > for my use case: > > CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux ...) > - linux-2.6 <unfixed> > - linux-2.6 <unfixed> (pending 2.6.18.dfsg.1-18etch5) > - linux-2.6.24 <unfixed> (pending 2.6.24-6~etchnhalf.3) > NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02 > > Or, maybe it makes more sense to add a new status - e.g. <pending> instead of <unfixed>; > I don't have enough experience with the tracker to say for sure. (And > I realize that I could write my own tool to cross-reference the > security tracker w/ the kernel repository, but hey - I'm lazy.. and > this might be a good feature for the tracker in general). What would be the effective difference to mark this as fixed in <version> and add for example a NOTE? Adding a pending tag I see alot more work to keep this up2date. Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpuDFEwG1xKl.pgp
Description: PGP signature