[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should we be alarmed at our state of security support?

On Fri, Feb 20, 2015 at 12:40 AM, John Goerzen wrote:

> Right now, the security tracker has, apparently, three status for each
> version of Debian:
> not vulnerable
> vulnerable
> fixed
> What if we add a fourth:
> not worth fixing
> This could more clearly communicate what is being said by the "no DSA"
> comments, as well as allow debsecan to be improved with this sort of
> information.  What do you think?

"no DSA" means "will probably not be fixed via security.debian.org" or
"will only be fixed via a point release by the maintainer or anyone
who cares", not "not worth fixing".



Reply to: