On 2012-01-16 16:43, Tanguy Ortolo wrote:
Jonathan Wiltshire, 2012-01-16 17:01+0100:
It is only a small thing but I did not realise DEP-3 was still a
candidate or I would have spoken earlier. A CVE field, mandatory if a
CVE has been published for this patch and is the major component of this
patch, would allow easy tracing of patches back to CVE publications
later (for review perhaps, or by other distributions).

Then it would be better to make it independent from CVE, since they
are not the only security vulnerability database.

Ack; but we (in the security team) only track CVE really. The Debian bug number is useful but only within Debian; the CVE identifier is cross-distribution.



--
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

