Re: faster tracker data processing

To: Raphael Geissert <geissert@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: faster tracker data processing
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 2 Oct 2009 22:02:52 +0200
Message-id: <[🔎] 20091002200252.GA7595@inutil.org>
In-reply-to: <[🔎] ha1cb8$5kp$1@ger.gmane.org>
References: <[🔎] ha1cb8$5kp$1@ger.gmane.org>

On Wed, Sep 30, 2009 at 11:49:54PM -0500, Raphael Geissert wrote:
> Hi,
> 
> I haven't had much time lately to actively audit and fix vulnerabilities,
> but I usually take a look at the commits and there are times I see that a
> new CVE id was assigned to some app shipped on Debian.
> 
> What is the general opinion of for example when finding such entries add a
> simple '- package <unfixed>' entry and leave the 'TODO: check' around?
> 
> The idea is to let the tracker know about the possibly affected package as
> soon as possible. I think it is is better to say "there seems to be an
> issue affecting foo, but needs to be investigated" rather than "there's an
> issue that needs to be investigated".

I agree, now that we have integration in the PTS (thanks for that), it makes
sense to add a <unfixed> entry even without having the time to file a bug
report.

Cheers,
        Moritz

Reply to:

References:
- faster tracker data processing
  - From: Raphael Geissert <geissert@debian.org>

Prev by Date: Re: faster tracker data processing
Next by Date: Re: faster tracker data processing
Previous by thread: Re: faster tracker data processing
Next by thread: Re: Can the tracker fetch version information from the BTS?
Index(es):
- Date
- Thread