Bug#762781: security-tracker: Provide list of candidates for dsa-needed.txt/dla-needed.txt

[Raphael Hertzog <hertzog@debian.org>]

Hi,

On Thu, 25 Sep 2014, Holger Levsen wrote:
> On Donnerstag, 25. September 2014, Raphaël Hertzog wrote:
> > It would be nice if the security tracker could provide by release a list
> > of packages with open vulnerabilities (i.e. neither unimportant nor tagged
> > as no-dsa) that are not yet listed in dsa-needed.txt/dla-needed.txt
> > depending on the case.
> 
> thanks for this description, sounds implementable ;-)

The annoying part is that the mapping of "release => file to use" changes
over time. There's a one year period where oldstable is the realm of the
security team and only afterwards it gets into dla-needed.txt.

I wish we could use a unified process. After all dsa-needed.txt already
accepts "package/stable" and "package/oldstable" for the period where the
security team takes care of both. Maybe we could just always use that
scheme...

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/