Bug#762781: security-tracker: Provide list of candidates for dsa-needed.txt/dla-needed.txt
Hi,
On Thu, 25 Sep 2014, Holger Levsen wrote:
> On Donnerstag, 25. September 2014, Raphaël Hertzog wrote:
> > It would be nice if the security tracker could provide by release a list
> > of packages with open vulnerabilities (i.e. neither unimportant nor tagged
> > as no-dsa) that are not yet listed in dsa-needed.txt/dla-needed.txt
> > depending on the case.
>
> thanks for this description, sounds implementable ;-)
The annoying part is that the mapping of "release => file to use" changes
over time. There's a one year period where oldstable is the realm of the
security team and only afterwards it gets into dla-needed.txt.
I wish we could use a unified process. After all dsa-needed.txt already
accepts "package/stable" and "package/oldstable" for the period where the
security team takes care of both. Maybe we could just always use that
scheme...
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
Reply to: