
Re: Sub-release information on per-source-package page



Hi Florian,

On Mon, May 25, 2015 at 05:57:20PM +0200, Salvatore Bonaccorso wrote:
> Hi Florian,
> 
> On Mon, May 25, 2015 at 05:52:00PM +0200, Florian Weimer wrote:
> > * Florian Weimer:
> > 
> > > Salvatore pointed me to the long-standing bug which causes the
> > > per-source-package pages such as
> > >
> > > <https://security-tracker.debian.org/tracker/source-package/dnsmasq>
> > >
> > > not to display fixes which have not yet migrated to the master archive
> > > (i.e. are currently fixed in the security archive only).
> > >
> > > If I manage to fix this, would it be important to preserve the
> > > “squeeze (lts)”, “wheezy (security)” etc. columns, or do you only need
> > > the information if squeeze, wheezy and the other releases are fixed
> > > somewhere?
> > 
> > I have removed the sub-release information.  The issue which led to
> > completely vanishing bugs has been fixed, and the open/resolved
> > distinction now disregards the unfixed master archive if there is a
> > fix in security/tls.
> > 
> > This is visible here:
> > 
> >   <https://security-tracker.debian.org/tracker/source-package/dnsmasq>
> > 
> > (CVE-2015-3294 was missing.)
> > 
> > Or here:
> > 
> >   <https://security-tracker.debian.org/tracker/source-package/bind9>
> > 
> > (Some long-fixed issues were listed as open, presumably due to lack of
> > migration into a point release.)
> 
> Nice! Thanks for taking the time, investigating the issue and fixing
> it. And with the new yellow status for no-dsa it looks really great.

One small addition, since we now consider fixed in "somewhere in
codename" as fixed in $codename, would it be possible to reflect this
as well in the header section of e.g.
https://security-tracker.debian.org/tracker/CVE-2015-3294

But please keep the detail view below in the section "Vulnerable and
fixed packages".

Regards and thanks again,
Salvatore

