package: security-tracker Hi, the ordering of the releases (sid, jessie, wheezy...) and issues (open and resolved CVEs, DSAs, etc) is not consistent in the tracker web ui (and was undeterministic in parts). So what do we have, there are basically two views: package-centric, like https://security-tracker.debian.org/tracker/source- package/bind9 and issue-centric, like https://security- tracker.debian.org/tracker/CVE-2014-0591 Both list the releases in their page header, the issue-view lists oldest release on top, the package view is undeterministic (aka buggy, compare bind9 vs linux). So that issue #1. The issue-view then lists affected releases, also with oldest release on top. Then it lists releases with fixed versions, with the newest releases on top - no, actually unsorted. So thats #2 So that should probably be fixed to also list the oldest release on top. Agreed? Then, the package view lists releases in the "open issues" table, with the oldest on the left. So except for this one issue, the releases are ordered consistently now. Second question: is that the prefered ordering, or should newer release be on the left/top? That's #3 even though it's just a question, thats one of the main questions to decide here! The second main question is the issue ordering: In the issue view, "open issues", "open unimportant issues" and "resolved issues" are all sorted with the oldest on top. "Security annoncements" are sorted with the newest on top. I think it's rather clear, that "resolved issues" should be sorted with oldest at bottom, like the announcements. Thats #4. Debatable (but sadly so far only debated between Salvatore and me) is whether to list newer "open (unimportant) issues" on top or at the bottom. Salvatores argues that currently it's easier to see what old issues havent been handled, while my arguing is that new issues should be easier to see, as old ones are probably known already anyway. This is #5 for the team to decide :-) I can fix #1+#2 to make the ordering deterministic, but the team should really decide on #3-5. Are there regular irc meetings where this could happen? Or else, how? cheers, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.