Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)

To: Debian Security Team <team@security.debian.org>, debian-security@lists.debian.org, Emilio Pozuelo Monfort <pochu@debian.org>, Moritz Mühlenhoff <jmm@inutil.org>
Subject: Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)
From: Samuel Henrique <samueloph@debian.org>
Date: Sun, 13 Apr 2025 16:06:38 +0100
Message-id: <[🔎] ex5wntkdvkihjwinbzwj33iewloaerbtaft5upczp6bhv4vu5j@ir4yvvm5n66e>
In-reply-to: <yxe42tm2aahlo7zkmb5fga5j3i72bc47rd445hibiewbadgpvw@erxyp5lgfirp>

Hello everyone,

On Sun, 2 Mar 2025 at 20:26, Samuel Henrique <samueloph@debian.org> wrote:
> Just checking if you would have time to look into this.

Sending another ping, this proposal is now 1 year old.

For clarity, I'm not requesting the team to do any work here. I can work on the
changes, I just need a decision on the solution.

Personally, I have it as a high priority to cut down those 20% false-positive
CVEs reported for Debian containers, since a lot of official containers are
based on us, but this will also help non-container users.

I'm hoping that sending this is fine, but let me know if I should have waited
more than a month from the previous message.

Regards,

--
Samuel Henrique <samueloph>

Reply to:

Follow-Ups:
- Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)
  - From: Salvatore Bonaccorso <carnil@debian.org>

Next by Date: Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)
Next by thread: Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)
Index(es):
- Date
- Thread