[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Secure-testing-commits] r11636 - data/CVE

On Fri, 17 Apr 2009 11:30:19 +0200, Nico Golde wrote:

> Hi,
> * Kees Cook <kees@alioth.debian.org> [2009-04-17 09:59]:
> > Author: kees
> > Date: 2009-04-17 01:25:52 +0000 (Fri, 17 Apr 2009)
> > New Revision: 11636
> > 
> > Modified:
> >    data/CVE/list
> > Log:
> > Sync from Ubuntu CVE tracker...
> > unfixed: archivemail azureus clamav evolution-data-server ghostscript graphicsmagick iceape iceweasel jbossas4 libapache2-mod-perl2 libstruts1.2-java linux-2.6 ntp openjdk-6 python2.4 python2.5 sun-java5 sun-java6 tomcat5.5 torrentflux typo3-src wireshark xulrunner
> > fixed: lighttpd tunapie
> Could you please switch that off again? Without prior 
> discussion I think such bots are not acceptable. I also 
> don't think that we want automatic fixed entries, this is 
> way to error prone. Also from what I experienced so far just 
> adding <unfixed> entries doesn't help that much, usually it 
> takes very long until someone picks that up and files a bug.
> I want at least a further discussion of this until you 
> switch this on again. It's not that we were too lazy or to 
> unskilled so far to play with soap and mark fixed bugs 
> automatically in the tracker but as far as I can tell this 
> wasn't done on purpose.

if they submitted (semi-automated) bug reports for all of the unfixed
issues that they sync up, would that be sufficient to address your

i agree that auto-marking fixed issues is quite dangerous and should
not be done.


Reply to: