
Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)



Hello Salvatore,

On Sun, 1 Dec 2024 at 14:08, Salvatore Bonaccorso <carnil@debian.org> wrote:
> On Wed, Nov 27, 2024 at 11:28:50PM +0000, Samuel Henrique wrote:
> > On Sat, 2 Nov 2024 at 20:02, Samuel Henrique <samueloph@debian.org> wrote:
> > > On Tue, 29 Oct 2024 at 19:43, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > > > As mentioned in an earlier message: What I would love to see is to
> > > > actually have a substate which makes the situation clear, and still
> > > > being technically correct. I was envisioning something which would be
> > > > a substate like we have for the substate of no-dsa (ignored,
> > > > postponed).
> > >
> > > This sounds like the solution proposal A2, quoting it:
> > > > ## A2) Add a new mutually exclusive state to the set: "not-affected-build-artifacts"
> > >
> > > Would this be aligned to what you're looking for?
> >
> > Could you check if the suggestion above addresses your concern?
>
> Not yet, but I will try to schedule a bit of time in the next weeks
> for security-tracker stuff and have a look at this.

Just checking if you would have time to look into this.

Thank you,

--
Samuel Henrique <samueloph>
