Bug#908678: Update on the security-tracker git discussion
- To: 908678@bugs.debian.org
- Cc: Daniel Lange <DLange@debian.org>, Guido Günther <agx@sigxcpu.org>, Bastian Blank <waldi@debian.org>, Martin Zobel-Helas <zobel@debian.org>, holger@debian.org
- Subject: Bug#908678: Update on the security-tracker git discussion
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Tue, 2 Jul 2019 13:25:43 +0200
- Message-id: <[🔎] 20190702112543.GA21081@lorien.valinor.li>
- Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 908678@bugs.debian.org
- In-reply-to: <20190624115736.7o75qsquhuw66oj5@lorien.valinor.li>
- References: <13e5b2a3-6ddd-347e-6c78-6901fb59d2b6@debian.org> <20190606053156.GA5849@eldamar.local> <20180912131055.srfkzw5nefmcoqnh@shell.thinkmo.de> <3ab2de26-c825-73f3-cc90-bf0593b47191@debian.org> <20180912131055.srfkzw5nefmcoqnh@shell.thinkmo.de> <20190606161153.GA29381@eldamar.local> <20190608162924.GA8204@eldamar.local> <20180912131055.srfkzw5nefmcoqnh@shell.thinkmo.de> <20190609114858.GA2416@eldamar.local> <20190624115736.7o75qsquhuw66oj5@lorien.valinor.li> <20180912131055.srfkzw5nefmcoqnh@shell.thinkmo.de>
Hi,
On Mon, Jun 24, 2019 at 01:57:36PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sun, Jun 09, 2019 at 01:48:58PM +0200, Salvatore Bonaccorso wrote:
> > On Sat, Jun 08, 2019 at 06:29:24PM +0200, Salvatore Bonaccorso wrote:
> > > Notes on possible CVE/list splits
> > > ---------------------------------
> > [...]
> >
> > After a face-to-face conversation with Daniel, Daniel suggested to
> > create a priority list out of that, we will followup with that to that
> > (ideally as gitlab task-list) here with a link once we have made our
> > minds on it.
>
> The plan was initially to do that in that week. Due to some other
> issues (Debian related, and other) this was not possible. The plan
> still holds to prioritize these tasks so that people wanting to help
> contribute have something to tackle.
So I'm starting to track those here be better/more easily track work
on those:
https://salsa.debian.org/security-tracker-team/security-tracker-service/issues/1
(but they need to reshuffle an consolidate the items). Basically
before the switch the two major topics (the security-tracker code base
itself) and tools involved in the workflow for triaging/updating CVEs
need to be adapted to a split repo situation, which makes many of the
items go into the first group anyway, but not all.
So slow still work in progress.
On personal note, it would be nice to have some dedicated time for
this only, but ...
Regards,
Salvatore
p.s.: Question is if we should do a split as well for the other types of
files which are supported (DSA, TDSA, ...) while at it.
Reply to: