Re: Proposed refactoring of the per-release tracker pages

To: debian-security-tracker@lists.debian.org
Subject: Re: Proposed refactoring of the per-release tracker pages
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sat, 9 Jan 2010 17:37:27 -0500
Message-id: <[🔎] 20100109173727.2eb9392c.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 20100109230522.2334dd1c.frx@firenze.linux.it>
References: <[🔎] 20100107230259.5479c740.michael.s.gilbert@gmail.com> <[🔎] 20100108164048.GB25696@inutil.org> <[🔎] 20100108175952.23646229.michael.s.gilbert@gmail.com> <[🔎] 20100109172643.1782e1f1.frx@firenze.linux.it> <[🔎] 20100109141350.dcd2ee40.michael.s.gilbert@gmail.com> <[🔎] 20100109211356.a206b89e.frx@firenze.linux.it> <[🔎] 20100109155954.92696cd1.michael.s.gilbert@gmail.com> <[🔎] 20100109230522.2334dd1c.frx@firenze.linux.it>

On Sat, 9 Jan 2010 23:05:22 +0100 Francesco Poli wrote:
> I think that, when a vulnerability is undetermined in the sense that it
> is yet unknown whether it is <fixed> or <unfixed> in all the package
> versions currently present in the various releases (stable, testing,
> unstable), then it makes sense to have an urgency (<low>, <medium>,
> <high>, or even <unset>) that suggests how quickly one should strive to
> investigate further.

That is still settable, its just not done in those example cases.

> The per-release tracker pages should have a view that includes these
> kinds of issues too, and a view that hides them, as well.
> I don't mind which is the default, as long as there's a distinct URL
> for each one of them.

In the works ;)

> On the other hand, as soon as a vulnerability is known to be <unfixed>
> in *at least* one package version currently present in a release, the
> urgency (<low>, <medium>, <high>, or <unset>) has the usual meaning
> ("how quickly one should strive to fix the issue?").
> The per-release tracker pages should always show these kinds of issues,
> of course.

As I have been saying, <unset> provides no useful guidance in terms
of how soon the issue should be addressed, so its not really useful
itself.

Mike

Reply to:

References:
- Proposed refactoring of the per-release tracker pages
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: Proposed refactoring of the per-release tracker pages
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Proposed refactoring of the per-release tracker pages
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: Proposed refactoring of the per-release tracker pages
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: Proposed refactoring of the per-release tracker pages
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: Proposed refactoring of the per-release tracker pages
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: Proposed refactoring of the per-release tracker pages
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: Proposed refactoring of the per-release tracker pages
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: Re: Proposed refactoring of the per-release tracker pages
Next by Date: Re: Proposed refactoring of the per-release tracker pages
Previous by thread: Re: Proposed refactoring of the per-release tracker pages
Next by thread: Re: Proposed refactoring of the per-release tracker pages
Index(es):
- Date
- Thread