Antoine Beaupré <[email protected]> writes: > https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/4 > > Comments are welcome there or here.
Current comments on merge request, copied and pasted here, as I think relevant for the discussion here: Moritz Muehlenhoff @jmm commented 4 days ago Owner Strong nack, the data quality of embedded code copies isn't useful for this. When you've verified a certain package to be affected, add it manually (with references), but don't dump lots of unactionable data into the tracker. Brian May @bam commented 2 minutes ago Developer @jmm The problem I believe is how do we keep track of packages that might be affected but aren't listed in the security tracker? Do we maybe need to keep track of this information outside the security tracker? -- Brian May <[email protected]>
