Re: Dealing with renamed source packages during CVE triaging

To: Antoine Beaupré <anarcat@orangeseeds.org>, debian-lts@lists.debian.org
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Dealing with renamed source packages during CVE triaging
From: Brian May <bam@debian.org>
Date: Wed, 13 Jun 2018 17:38:07 +1000
Message-id: <[🔎] 87lgbjw2zk.fsf@silverfish.pri>
In-reply-to: <[🔎] 87sh5x6u9z.fsf@angela.anarc.at>
References: <20170328131141.zu3acjdk633lsn44@home.ouaza.com> <20170328131956.GA7711@inutil.org> <20170328135512.dmvj2bnktosbjss2@home.ouaza.com> <20170328135645.GA8006@inutil.org> <[🔎] 87fu1y8d43.fsf@angela.anarc.at> <[🔎] 877en9ybvh.fsf@silverfish.pri> <[🔎] 871sdh8kaz.fsf@angela.anarc.at> <[🔎] 87sh5x6u9z.fsf@angela.anarc.at>

Antoine Beaupré <anarcat@orangeseeds.org> writes:

> https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/4
>
> Comments are welcome there or here.

Current comments on merge request, copied and pasted here, as I think
relevant for the discussion here:

Moritz Muehlenhoff @jmm commented 4 days ago Owner
Strong nack, the data quality of embedded code copies isn't useful for
this. When you've verified a certain package to be affected, add it
manually (with references), but don't dump lots of unactionable data
into the tracker.

Brian May @bam commented 2 minutes ago Developer
@jmm The problem I
believe is how do we keep track of packages that might be affected but
aren't listed in the security tracker? Do we maybe need to keep track of
this information outside the security tracker?
-- 
Brian May <bam@debian.org>

Reply to:

References:
- Re: Dealing with renamed source packages during CVE triaging
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: Dealing with renamed source packages during CVE triaging
  - From: Brian May <bam@debian.org>
- Re: Dealing with renamed source packages during CVE triaging
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: Dealing with renamed source packages during CVE triaging
  - From: Antoine Beaupré <anarcat@orangeseeds.org>

Prev by Date: Re: Dealing with renamed source packages during CVE triaging
Next by Date: Re: Dealing with renamed source packages during CVE triaging
Previous by thread: Re: Dealing with renamed source packages during CVE triaging
Next by thread: Bug#901777: security-tracker: When i open Facebook All my other pages Crash at Once. They All Shut down.
Index(es):
- Date
- Thread