On Tue, Oct 11, 2011 at 08:18:30PM -0400, David Prévot wrote: > Le 11/10/2011 19:53, Javier Fernández-Sanguino Peña a écrit : > > > Security Team: would you agree if I modified all the 2010 and 2011 advisories > > to include a new tag (which would not be printed, yet) to make it possible to > > document which releases were affected by each DSA? > > Since this information doesn't seem to be available in the DSA mail, > couldn't it be gathered directly from the security tracker[0]? > > 0: http://security-tracker.debian.org/tracker/ The information is there, and is not that difficult to have a program read it. These are the blurbs: -------------------------------------------------------------------------- <p>For the oldstable distribution (lenny), this problem has been fixed in version xxxxx.</p> <p>For the stable distribution (squeeze), this problem has been fixed in version xxxxxx</p> -------------------------------------------------------------------------- > > Web team: if the security team agrees I would update all DSA files from 2135 > > to 2322 to include that header. That would ensure that we have some OVAL > > definitions. > > If you also take care to update the english/security/parse-advisory.pl > script we use to convert DSA mail to publish advisories on the website, > so we don't have to manually add those headers in the next ones, I guess > it's not a problem on our side (but I wonder where will this information > come from). I can commit to changing the script too once I get approval. If the security team does not oppose these changes I will schedule to do the changes probably sometime next week. Regards Javier
Attachment:
signature.asc
Description: Digital signature