Bug#761859: security tracker json...

To: Holger Levsen <holger@layer-acht.org>
Cc: 761859@bugs.debian.org
Subject: Bug#761859: security tracker json...
From: Raphael Hertzog <hertzog@debian.org>
Date: Wed, 25 Feb 2015 10:29:24 +0100
Message-id: <[🔎] 20150225092924.GA18838@home.ouaza.com>
Reply-to: Raphael Hertzog <hertzog@debian.org>, 761859@bugs.debian.org
In-reply-to: <201502242205.37069.holger@layer-acht.org>
References: <[🔎] 201502222231.07759.holger@layer-acht.org> <[🔎] 87vbit8tff.fsf@mid.deneb.enyo.de> <201502242205.37069.holger@layer-acht.org>

Hi,

On Tue, 24 Feb 2015, Holger Levsen wrote:
> on the latter I have some questions:
> 
> - if a CVE is fixed in lts/security but not squeeze|wheezy, the aggregated 
> json will display it as fixed in lts or security.

IMO you should always aggregate the data into the associated base release.
aka: squeeze/wheezy/jessie/sid

Always using the codename for consistency.

> - if a CVE is neither fixed in lts/security/(squeeze|wheezy), the aggregated 
> output should display it as open in ???

Same as above.

> - if a CVE is neither fixed in lts/security/(squeeze|wheezy), but the version 
> in lts/security differs from squeeze|wheezy, which version+suite to display as 
> affected? 

The aggregate view should use the latest version available from all the
repositories associated to the release of interest.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Bug#761859: security tracker json...
  - From: Holger Levsen <holger@layer-acht.org>

References:
- Bug#761859: yaml...
  - From: Holger Levsen <holger@layer-acht.org>
- Bug#761859: yaml...
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: External check
Next by Date: Bug#761859: security tracker json...
Previous by thread: Bug#761859: yaml...
Next by thread: Bug#761859: security tracker json...
Index(es):
- Date
- Thread