Antoine Beaupré <[email protected]> writes:

> I wonder if some of that stuff should be automated. I am fairly new with
> the security process, how often do mistakes like this happen anyways?
>
> And how hard would it be to automate this?

I would suggest a more useful thing to automate would be filling in more details in the template email "bin/gen-DLA --save" creates. For example, it could automatically pull in a summary for each CVE from data/CVE/list and insert it in the template email. If you are only closing one CVE it doesn't make a huge difference (except perhaps as an additional sanity check you listed the correct CVE), if there are many CVEs the risk of error in filling out details for one of the CVEs by hand increases. It could also add more standardised text (such as "This is fixed in version X; we recommend you upgrade.").

-- 
Brian May <[email protected]>
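
A sketch of the automation proposed in the message above, added here as an example; it is not code from bin/gen-DLA or from the security tracker. The layout assumed for data/CVE/list (an unindented "CVE-ID (summary)" line followed by indented annotations), the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumed layout of data/CVE/list (not shown in the thread): an unindented
# "CVE-ID (summary)" header line, followed by tab-indented annotation lines.
HEADER = re.compile(r"^(CVE-\d{4}-\d{4,})(?:\s+\((.*)\))?\s*$")

# Constructed sample; the identifiers, package and versions are placeholders.
SAMPLE_LIST = (
    "CVE-0000-0002 (Heap overflow in the example image parser ...)\n"
    "\t- examplepkg 1.2-3\n"
    "CVE-0000-0001 (Missing bounds check in example_decode() allows a crash.)\n"
    "\t- examplepkg 1.2-3\n"
    "CVE-0000-0003\n"
    "\tRESERVED\n"
)


def parse_cve_list(text):
    """Map each CVE id to its summary ('' when the entry has none)."""
    summaries = {}
    for line in text.splitlines():
        if line[:1].isspace():
            continue  # indented annotation line, not an entry header
        m = HEADER.match(line)
        if m:
            summaries[m.group(1)] = m.group(2) or ""
    return summaries


def render_cve_section(cve_ids, summaries, fixed_version):
    """Build the per-CVE part of the advisory text.

    Raises ValueError for ids that are missing from the list or have no
    summary, which is the sanity check on a mistyped CVE id.
    """
    problems = [c for c in cve_ids if not summaries.get(c)]
    if problems:
        raise ValueError("no summary in list for: " + ", ".join(problems))
    lines = []
    for cve in sorted(set(cve_ids)):
        lines += [cve, "", "    " + summaries[cve], ""]
    lines.append(f"This is fixed in version {fixed_version}; we recommend you upgrade.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_cve_section(["CVE-0000-0001", "CVE-0000-0002"],
                             parse_cve_list(SAMPLE_LIST), "1.2-3+deb0u1"))
```
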
