Re: Can the tracker fetch version information from the BTS?
On Mon, 3 Aug 2009 15:24:58 +0200, Francesco Poli wrote:
> I thought I could be smarter than the tracker and sent a message to the
> control bot, marking the bug as fixed in the security-update versions:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;bug=537977
>
> Almost one day has passed, and this new information still fails to show
> up in http://security-tracker.debian.net/tracker/537977
>
> What's wrong?
> I thought the tracker could fetch version information from the BTS,
> when a vulnerability is associated with a BTS bug...
> Was I too optimistic? ;-)
the tracker is not integrated with the bts at all. someone manually
enters the associated bug number and the tracker generates an http
link on the appropriate page. that is the extent of how they are
linked.
this is a problem with how the tracker handles non-numbered issues.
the security team recently met to discuss workflow problems like this,
and i think the outcome was that we will be able to assign CVEs from a
pool alloted to debian, but i don't think the "how to do" this has been
worked out yet.
in the meantime, i will manually enter the information.
mike
Reply to: