Bug#761859: security-tracker json deployed
On Tue, Mar 17, 2015 at 01:09:44PM +0100, Moritz Mühlenhoff wrote:
> On Tue, Mar 17, 2015 at 08:17:03AM +0800, Paul Wise wrote:
> > On Tue, 2015-03-17 at 00:03 +0100, Raphael Hertzog wrote:
> >
> > > I also noticed that we have nowhere data that says that an
> > > issue is <undetermined>... maybe those issues should be entirely dropped?
> > >
> > > I don't understand why we have that status in the first place.
> > >
> > > But my first try at identifying issues open in squeeze (i.e. an improved
> > > https://security-tracker.debian.org/tracker/status/release/oldstable) led
> > > me to showing many such issues... and I want to filter them out.
> >
> > I don't think we should hide issues, if the secteam hasn't had time to
> > sort through them, exposing them to maintainers and other folks can only
> > help recruit more people to help maintain the data.
>
> We don't hide anything, <undetermined> is only used for cases, where an issue
> was assessed, but no actionable information is available, e.g. for secretive
> advisories from "security companies" selling 0-days, unclear bugs or secretive
> vendors like Oracle.
>
> So, sorting them out makes sense.
I meant "filtering" here.
Cheers,
Moritz
Reply to: