
Bug#508031: Tracking vulnerabilities that have already been patched in other distributions



Hi,
* Richard Hartmann <richih.mailinglist@gmail.com> [2008-12-08 09:54]:
> On Mon, Dec 8, 2008 at 09:32, Nico Golde <nion@debian.org> wrote:
> > I think your imagination of the process is way too easy,
> > it's more than reading and directly editing the tracker, the
> > same process as the one for new CVE ids applies, checking if
> > the package is in Debian, if not checking if there is an ITP
> > or if it's NFU,
> 
> Can be done with a script of a few lines (unless the whole
> thing has been renamed).

This cannot be done with a script exactly because of this.

> > check other packages embedding this source
> > code,
> 
> Should be do-able with a few more lines, but will probably
> need manual verification.

Huh? Please come up with code if you think it's that easy. 
In the past we did some checks for this using clamav 
signatures and I can tell you, it's not that easy.

> > check other packages having similar code...
> 
> Needs manual verification & work.
> 
> Yet, none of these speak against a pointer of the fix already
> being available once the above steps have been finished. And
> that is what Michael is offering.
> It will certainly not make every issue disappear magically. But
> it may help in quite a few cases.

What speaks against this is that we already have a serious 
lack of manpower for the normal tracker data, and unless this 
is solved this is a waste of resources.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
