On Fri, Oct 21, 2016 at 11:30:04AM +0100, Chris Lamb wrote: > Guido Günther wrote: > > > I'd just use bin/report-vuln ? > > … one of these days I'm going to look at everything in bin/* and actually > remember what it does :) > > (Yay, for saving myself writing such a thing!) > > > I'd say unstable and then "found". > > How come, out of interest? AIUI the tradeoff here is that if the "found" step > gets skipped, the BTS does not believe it is vulnerable and thus it won't get > (correctly) kicked out of testing, etc. etc.
IIRC if we file against wheezy not all newer versions get marked as affected (but I might be wrong) so there is a found/notfound step involved in either case atm. Cheers, -- Guido
