Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)

To: Debian Security Team <team@security.debian.org>
Cc: debian-security@lists.debian.org, Emilio Pozuelo Monfort <pochu@debian.org>, Moritz Mühlenhoff <jmm@inutil.org>, Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)
From: Samuel Henrique <samueloph@debian.org>
Date: Wed, 27 Nov 2024 23:28:50 +0000
Message-id: <[🔎] fjnm5fpm6b47b6c3xfdc5hm25r4boghyssvtlcr7q3mycsdtek@xhlpy46th4pd>

Hello Salvatore,

On Sat, 2 Nov 2024 at 20:02, Samuel Henrique <samueloph@debian.org> wrote:
> On Tue, 29 Oct 2024 at 19:43, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > As mentioned in an earlier message: What I would love to see is to
> > actually have a substate which makes the situation clear, and still
> > beeing technically correct. I was envisioning something which would be
> > a substate like we have for the substate of no-dsa (ignored,
> > postponed).
>
> This sounds like the solution proposal A2, quoting it:
> > ## A2) Add a new mutually exclusive state to the set:
> "not-affected-build-artifacts"
>
> Would this be aligned to what you're looking for?

Could you check if the suggestion above addresses your concern?

Cheers,


--
Samuel Henrique <samueloph>

Reply to:

Prev by Date: Re: Latent bugs in armel, armhf packages built before t64 transition
Next by Date: Re: bind9 update 9.16.50 -- too many record
Previous by thread: Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)
Next by thread: dpkg MD5
Index(es):
- Date
- Thread