Re: tracker CVE feed source

Hi Gerfried,
* Gerfried Fuchs <rhonda@deb.at> [2008-08-04 22:11]:
> * Nico Golde <nico@ngolde.de> [2008-08-04 21:01:18 CEST]:
> > * Thijs Kinkhorst <thijs@debian.org> [2008-08-04 20:16]:
> > > We have the following options:
> > > - Keep the current feed.
> > >   It works. But, it's only updated a few times a week, but this may get more
> > >   often in the future.
> > 
> > While I agree that this may be bad because we get some of 
> > the vulnerabilities later I also see a good thing in this. 
> > This way we don't have to work on this every day but are 
> > able to work on bigger chunks every now and then which may 
> > be better unless we have more active people working on new 
> > CVE ids.
>  I don't follow that reasoning. Even if the stuff gets in more timely it
> doesn't mean that they would have to get processed more timely than they
> are processed currently. If you feel like working on bigger chunks feel
> free to let it pile up like it's done through the way it's received. I
> see much bigger advantages with changing it than what might be
> considered a good thing in this...

Yes, but then there is also no advantage in doing it the other 
way. But maybe you are right and it would be slightly better, 
as those issues show up in the TODO section of the tracker 
so people can see that these issues are already "known".

>  About directly feeding the mails in, how many commits a day are we
> speaking here?

I'm not sure if they send one mail for each new CVE id. If 
the mail system behaves like the RSS feed, updating in small 
chunks, then this would be 1-3 commits per day.

Kind regards
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
