Re: faster tracker data processing
On Wed, Sep 30, 2009 at 11:49:54PM -0500, Raphael Geissert wrote:
> Hi,
>
> I haven't had much time lately to actively audit and fix vulnerabilities,
> but I usually take a look at the commits and there are times I see that a
> new CVE id was assigned to some app shipped on Debian.
>
> What is the general opinion of for example when finding such entries add a
> simple '- package <unfixed>' entry and leave the 'TODO: check' around?
>
> The idea is to let the tracker know about the possibly affected package as
> soon as possible. I think it is is better to say "there seems to be an
> issue affecting foo, but needs to be investigated" rather than "there's an
> issue that needs to be investigated".
I agree, now that we have integration in the PTS (thanks for that), it makes
sense to add a <unfixed> entry even without having the time to file a bug
report.
Cheers,
Moritz
Reply to: