Re: [Secure-testing-commits] r28952 - in data: . CVE
On Mon, Sep 22, 2014 at 02:11:07PM +0200, Raphael Hertzog wrote:
> Hi,
>
> Side remark: Could we get reply-to set to
> debian-security-tracker@lists.debian.org on the commit mails?
>
> On Mon, 22 Sep 2014, Moritz Muehlenhoff wrote:
> > Modified:
> > data/CVE/list
> > data/dsa-needed.txt
> > Log:
> > remove unfixed entries for squeeze, all older versions in the older suites
> > are unfixed by default
>
> I knew this and I asked this on IRC #debian-security without getting any
> reply:
> 10:51 <buxy> does it hurt to add "[squeeze] - <unfixed>" even though the
> tracker knows it already? It could be useful as a confirmation that someone
> investigated the issue and confirmed that squeeze is affected.
There's an enhancement bug for such a <confirmed> tag, IIRC.
> > remove apache2 from dsa-needed, only one debatable issue is open for wheezy
>
> Why don't you add <no-dsa> at the same time then?
Because it is not fully decided yet, Stefan should have a look.
Cheers,
Moritz
Reply to: