On Wed, 18 Feb 2015, Raphael Hertzog wrote:
> One thing that comes to my mind is that we probably also want the
> associated Debian bug number when there's an associated bug report.
> So instead of a plain CVE identifier we probably want a hash:
> { 'id': 'CVE-XXXX-XXXX', 'bug': '12345', 'severity': 'low' }
> 
> That way we could also export the severity and easily add more data
> in case of future needs.

And I just thought that I would like to have the "status"... in particular
to differentiate <no-dsa> issues.

status: open|no-dsa|end-of-life|resolved ?

or just

status: open|resolved
no-dsa: True|False

This would suggest having a single list of issues per suite and having
the status/severity in the data of each CVE:
'bind9': {
    'squeeze': {
        'CVE-XXXX-XXXX': {
            'status': 'open|resolved',
            'severity': 'unimportant|low|normal|high|unknown',
            'no-dsa': True|False,
            'end-of-life': True|False,
        },
        ...
    },
    'wheezy': {
        ...
    }
},

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
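
The two status encodings discussed in the message above, side by side, as an added example that is not part of the original e-mail or of the security tracker's code. The field names and values come from the message; the sample data, the function names and the precedence used when collapsing the flags are assumptions.

```python
# Added example; field names and values follow the layout sketched in the message.
SEVERITIES = {"unimportant", "low", "normal", "high", "unknown"}

# Constructed sample data; the CVE ids are placeholders, not real identifiers.
SAMPLE = {
    "bind9": {
        "squeeze": {
            "CVE-XXXX-0001": {"status": "open", "severity": "high",
                              "no-dsa": False, "end-of-life": False},
            "CVE-XXXX-0002": {"status": "open", "severity": "low",
                              "no-dsa": True, "end-of-life": False},
            "CVE-XXXX-0003": {"status": "resolved", "severity": "normal",
                              "no-dsa": False, "end-of-life": False},
        },
        "wheezy": {
            "CVE-XXXX-0001": {"status": "open", "severity": "unknown",
                              "no-dsa": True, "end-of-life": True},
        },
    },
}

def validate(entry):
    """Raise ValueError unless the entry uses only the values listed in the message."""
    if entry.get("status") not in ("open", "resolved"):
        raise ValueError(f"bad status: {entry.get('status')!r}")
    if entry.get("severity") not in SEVERITIES:
        raise ValueError(f"bad severity: {entry.get('severity')!r}")
    for flag in ("no-dsa", "end-of-life"):
        if not isinstance(entry.get(flag), bool):
            raise ValueError(f"{flag} must be True or False")

def flat_status(entry):
    """Collapse status plus flags into open|no-dsa|end-of-life|resolved.

    Assumed precedence: resolved, then end-of-life, then no-dsa. The flat form
    cannot record that an issue is both no-dsa and end-of-life.
    """
    validate(entry)
    if entry["status"] == "resolved":
        return "resolved"
    if entry["end-of-life"]:
        return "end-of-life"
    return "no-dsa" if entry["no-dsa"] else "open"

def actionable(data, package, suite):
    """Sorted CVE ids that are open and carry neither flag."""
    issues = data.get(package, {}).get(suite, {})
    return sorted(cve for cve, e in issues.items() if flat_status(e) == "open")
```

The wheezy entry carries both flags, which the flag-based layout keeps and the single-valued status reduces to one label.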