On Mon, 21 Jul 2008 21:59:37 +0200 Florian Weimer <[EMAIL PROTECTED]> wrote:
> * Stephan Hermann: > > >> What's the correct way to get it out of Unbuntu (universe)? I > >> don't want to relicense it, but if asking politely does not work, > >> it seems to be my only choice. > > > What needs to be done to make it work on Ubuntu, too? > > debsecan needs to be patched to download CVE meta-data from Launchpad, > and someone needs to maintain the data in Launchpad. > So, we need somehow the CVE data from LP or from a source which is being trusted by Ubuntu... A relation between open CVEs in Ubuntu packages and closed CVEs in ubuntu-security packages... I don't know how far the LP guys are in giving out this data, but I know that we have the CVE tracker of Ubuntu (kees, jd, emgent please jump in and fill in any gaps ;)) and we could use this data, right? Now I need to find the time to check the source in general, and how difficult it will to patch it to our needs...and to make Florian happy :) \sh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]