Bug#761859: security-tracker json deployed
On Tue, Mar 17, 2015 at 08:17:03AM +0800, Paul Wise wrote:
> On Tue, 2015-03-17 at 00:03 +0100, Raphael Hertzog wrote:
>
> > I also noticed that we have nowhere data that says that an
> > issue is <undetermined>... maybe those issues should be entirely dropped?
> >
> > I don't understand why we have that status in the first place.
> >
> > But my first try at identifying issues open in squeeze (i.e. an improved
> > https://security-tracker.debian.org/tracker/status/release/oldstable) led
> > me to showing many such issues... and I want to filter them out.
>
> I don't think we should hide issues, if the secteam hasn't had time to
> sort through them, exposing them to maintainers and other folks can only
> help recruit more people to help maintain the data.
We don't hide anything, <undetermined> is only used for cases, where an issue
was assessed, but no actionable information is available, e.g. for secretive
advisories from "security companies" selling 0-days, unclear bugs or secretive
vendors like Oracle.
So, sorting them out makes sense.
Cheers,
Moritz
Reply to: