On Wed, 18 Feb 2015, Raphael Hertzog wrote:
One thing that comes to my mind is that we probably also want the
associated Debian bug number when there's an associated bug report.
So instead of a plain CVE identifier we probably want a hash:
{ 'id': 'CVE--', 'bug': '12345', 'severity':
Hi,
On Tue, 16 Sep 2014, Raphael Hertzog wrote:
Let's not continue that bad tradition. If anything it should provide
either YAML or JSON with something structured:
bind9:
squeeze:
open:
- CVE-XXX
- CVE-YYY
open-unimportant:
- ...
On Tue, Sep 16, 2014 at 7:08 AM, Holger Levsen hol...@layer-acht.org wrote:
the information gathered in the security-tracker should be displayed in the
package tracker.d.o.
It already is. The link is missing from the main description, it is
present in the extended description though:
Hi,
On Tue, 16 Sep 2014, Holger Levsen wrote:
the information gathered in the security-tracker should be displayed in the
package tracker.d.o.
It's already there, see the 20 security issues in
https://tracker.debian.org/pkg/linux
When you click on the question mark you get access to the
Hi,
On Tue, 16 Sep 2014, Paul Wise wrote:
On Tue, Sep 16, 2014 at 7:08 AM, Holger Levsen hol...@layer-acht.org wrote:
There is an interface for it, see
https://security-tracker.debian.org/tracker/data/pts/1
Could we get a new URL that also has information about unimportant and
resolved
Hi,
On Dienstag, 16. September 2014, Raphael Hertzog wrote:
Let's not continue that bad tradition. If anything it should provide
either YAML or JSON with something structured:
I agree. Any preference?
cheers,
Holger
signature.asc
Description: This is a digitally signed message
Hi,
On Dienstag, 16. September 2014, Paul Wise wrote:
It already is. The link is missing from the main description, it is
present in the extended description though:
ui, wow, such a small icon. Could you please also make the words security
issues a link?!
Could we get a new URL that also
On Tue, Sep 16, 2014 at 5:29 PM, Holger Levsen wrote:
bind9 is not linked, despite there is one open security issue in wheezy (and
several in squeeze(-lts+security)
bind9 is missing from the security-tracker data export AFAICT.
--
bye,
pabs
https://wiki.debian.org/PaulWise
--
To
On Tue, 16 Sep 2014, Holger Levsen wrote:
On Dienstag, 16. September 2014, Raphael Hertzog wrote:
Let's not continue that bad tradition. If anything it should provide
either YAML or JSON with something structured:
I agree. Any preference?
JSON is more web-friendly, I would pick that.
clone 761730 -1
reassign -1 security-tracker
retitle 761730 tracker.d.o: please provide more detailed information about
security issues
retitle -1 security-tracker: please provide more information via JSON file for
tracker.d.o
block 761730 by -1
thanks
On Dienstag, 16. September 2014, Raphael
On Tue, September 16, 2014 09:10, Paul Wise wrote:
Could we get a new URL that also has information about unimportant and
resolved issues and DSAs? I would suggest a format like what lintian
uses:
Not sure what you'd use that additional info for, but I would heartily
disrecommend to display
On Tue, 2014-09-16 at 16:42 +0200, Thijs Kinkhorst wrote:
Not sure what you'd use that additional info for
As I said perhaps less clearly in another mail, two things:
To list a link to the security tracker in the right-hand-side links
section for packages with (any) security issues, as we do
package: tracker.debian.org
severity: wishlist
x-debbugs-cc: debian-security-trac...@lists.debian.org
Hi,
the information gathered in the security-tracker should be displayed in the
package tracker.d.o.
There is an interface for it, see
https://security-tracker.debian.org/tracker/data/pts/1
13 matches
Mail list logo