
Re: Dealing with renamed source packages during CVE triaging



I've finalized a prototype during my research on this problem, which I
have detailed on GitLab, as it's really code that should be merged. It
would also benefit from wider attention considering it affects more than
LTS now. Anyways, the MR is here:

https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/4

Comments are welcome there or here.

For what it's worth, I reused Lamby's crude parser because I wanted to
get the prototype out the door. I am also uncertain that a full parser
can create the CVE/list file as is reliably without introducing
inconsistent diffs...

I also drifted into the core data structures of the security tracker, and
wondered if it would be better to split up our large CVE/list file now
that we're using git. I had mixed results. For those interested, it is
documented here:

https://salsa.debian.org/security-tracker-team/security-tracker/issues/2

Cheers!

a.
-- 
If it's important for you, you'll find a way.
If it's not, you'll find an excuse.
                        - Unknown

