
Re: CAN to CVE: changing changelogs?



In gmane.linux.debian.devel.security, you wrote:
> As many of you are probably aware, CVE has changed the naming of their
> IDs: the temporary "CAN-" prefix has been dropped and an ID is now
> always of the form CVE-yyyy-nnnn. More information at the CVE website.
>
> I was wondering what to do with changelogs. I think it might make sense
> to rename CAN-... numbers in old entries to CVE-..., since all entries
> have been renamed and this aids the goal: having one unique string to
> find any vulnerability by.
>
> Are there any thoughts on changing changelogs retroactively? Might it
> even be an idea to add a lintian check for 'old-style' CAN IDs?

You could change them retroactively (with a little note that you did so),
but it's not strictly necessary, as MITRE will continue to provide referrals
from CAN-based entries to CVE-based entries.

Cheers,
        Moritz


