Bug#761859: security tracker json...
Hi,
On Tue, 24 Feb 2015, Holger Levsen wrote:
> on the latter I have some questions:
>
> - if a CVE is fixed in lts/security but not squeeze|wheezy, the aggregated
> json will display it as fixed in lts or security.
IMO you should always aggregate the data into the associated base release.
aka: squeeze/wheezy/jessie/sid
Always using the codename for consistency.
> - if a CVE is neither fixed in lts/security/(squeeze|wheezy), the aggregated
> output should display it as open in ???
Same as above.
> - if a CVE is neither fixed in lts/security/(squeeze|wheezy), but the version
> in lts/security differs from squeeze|wheezy, which version+suite to display as
> affected?
The aggregate view should use the latest version available from all the
repositories associated to the release of interest.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: