On Tue, 06 Nov 2018, Moritz Muehlenhoff wrote: > On Tue, Nov 06, 2018 at 08:16:21PM +0100, Markus Koschany wrote: > > Am 06.11.18 um 20:09 schrieb Moritz Muehlenhoff: > > > Hi, > > > if you fix any issues which were formerly tagged <no-dsa> in a DLA, make > > > sure > > > to remove the no-dsa in CVE/list as well, e.g. in the DLA-1568-1 for curl. > > > > I was about to do that, as usual, but when someone else does it four > > minutes after I requested a DLA number and I still work on the commit, > > then there is not really anything what can be done about it. I suggest > > being a bit more patient in such cases. > > Your's is just an arbitrary example, there's plenty of other cases where that > did not happen at all until Salvatore cleaned it up.
Why is that even needed? Can't we improve the security tracker to ignore those no-dsa tag when the CVE has been fixed? Or have some script to remove them automatically? Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
