Re: Better handling of NEW packages (yes, sec related)

To: debian-security-tracker@lists.debian.org
Subject: Re: Better handling of NEW packages (yes, sec related)
From: Raphael Geissert <geissert@debian.org>
Date: Wed, 28 Oct 2009 11:07:40 -0600
Message-id: <[🔎] hc9tnj$et6$1@ger.gmane.org>
References: <[🔎] hc51qi$n7$1@ger.gmane.org> <[🔎] 20091026172036.0ced958a.michael.s.gilbert@gmail.com>

Michael Gilbert wrote:
> 
> i think this is a great idea.  i was a bit surprised by all of the old
> (2005/2006) issues that you converted from NFUs in your last tracker
> update.  

There were actually some more, but I had doubts about marking them as they
were probably already fixed long ago, and then I forgot which ones they
were (to at least mention them in this thread).

> the current process misses these items, so a change is 
> necessary to make sure they're not falling through the cracks. maybe
> this could be tied into the 'hints' idea you had mentioned recently.
> 

Yeah, that could work in the case of CVEs marked as NFU, but we still need
to deal with NEW packages (as an appropriate mapping between the package
name and the NVD name is still needed anyway).

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to:

References:
- Better handling of NEW packages (yes, sec related)
  - From: Raphael Geissert <geissert@debian.org>
- Re: Better handling of NEW packages (yes, sec related)
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: Better handling of NEW packages (yes, sec related)
Next by Date: Re: Better handling of NEW packages (yes, sec related)
Previous by thread: Re: Better handling of NEW packages (yes, sec related)
Next by thread: Re: Better handling of NEW packages (yes, sec related)
Index(es):
- Date
- Thread