On mer., 2014-09-10 at 20:42 +0200, Moritz Muehlenhoff wrote: > On Wed, Sep 10, 2014 at 08:56:48PM +0200, Yves-Alexis Perez wrote: > > On mer., 2014-09-10 at 19:50 +0200, Moritz Muehlenhoff wrote: > > > On Wed, Sep 10, 2014 at 05:13:35PM +0200, Holger Levsen wrote: > > > > Hi Salvatore, > > > > > > > > On Mittwoch, 10. September 2014, Salvatore Bonaccorso wrote: > > > > > The tabular view clearly would need some improvement and making clear > > > > > where the fix is already, e.g. wheezy-security but not yet wheezy. I > > > > > try to explain. The version tracked on the individual CVE pages is > > > > > *correct* from the following point of view: A fix is in wheezy-security > > > > > already, but not yet accepted into the wheezy suite. > > > > > > > > thanks for explaining this here also, but as on IRC I wonder: > > > > > > > > for whom is that view useful? > > > > > > For noone, we already discussed that during the security team meeting > > > and we decided to fix the view as also described in your bug report. > > > > > > It's only that noone has come around to change this. But since you now > > > have experience with the code base... :-) > > > > > It's still important to have the data available because wheezy is what > > you get when you pick the latest install media. > > But they also contain the security apt sources, so this is rather theoretical. No, some people don't have easy access to security sources (for example disconnected networks where mirror sync is manual) and thus having a way to know the status in current is useful. It's also useful in audit/forensics. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part