
Re: [Secure-testing-commits] r11636 - data/CVE



On Fri, 17 Apr 2009 11:30:19 +0200, Nico Golde wrote:

> Hi,
> * Kees Cook <kees@alioth.debian.org> [2009-04-17 09:59]:
> > Author: kees
> > Date: 2009-04-17 01:25:52 +0000 (Fri, 17 Apr 2009)
> > New Revision: 11636
> > 
> > Modified:
> >    data/CVE/list
> > Log:
> > Sync from Ubuntu CVE tracker...
> > unfixed: archivemail azureus clamav evolution-data-server ghostscript graphicsmagick iceape iceweasel jbossas4 libapache2-mod-perl2 libstruts1.2-java linux-2.6 ntp openjdk-6 python2.4 python2.5 sun-java5 sun-java6 tomcat5.5 torrentflux typo3-src wireshark xulrunner
> > fixed: lighttpd tunapie
> 
> Could you please switch that off again? Without prior 
> discussion I think such bots are not acceptable. I also 
> don't think that we want automatic fixed entries, this is 
> way too error prone. Also from what I experienced so far just 
> adding <unfixed> entries doesn't help that much, usually it 
> takes very long until someone picks that up and files a bug.
> 
> I want at least a further discussion of this until you 
> switch this on again. It's not that we were too lazy or too 
> unskilled so far to play with soap and mark fixed bugs 
> automatically in the tracker but as far as I can tell this 
> wasn't done on purpose.

if they submitted (semi-automated) bug reports for all of the unfixed
issues that they sync up, would that be sufficient to address your
concerns?

i agree that auto-marking fixed issues is quite dangerous and should
not be done.

mike

