On Fri, 17 Apr 2009 11:30:19 +0200, Nico Golde wrote: > Hi, > * Kees Cook <[email protected]> [2009-04-17 09:59]: > > Author: kees > > Date: 2009-04-17 01:25:52 +0000 (Fri, 17 Apr 2009) > > New Revision: 11636 > > > > Modified: > > data/CVE/list > > Log: > > Sync from Ubuntu CVE tracker... > > unfixed: archivemail azureus clamav evolution-data-server ghostscript > > graphicsmagick iceape iceweasel jbossas4 libapache2-mod-perl2 > > libstruts1.2-java linux-2.6 ntp openjdk-6 python2.4 python2.5 sun-java5 > > sun-java6 tomcat5.5 torrentflux typo3-src wireshark xulrunner > > fixed: lighttpd tunapie > > Could you please switch that off again? Without prior > discussion I think such bots are not acceptable. I also > don't think that we want automatic fixed entries, this is > way to error prone. Also from what I experienced so far just > adding <unfixed> entries doesn't help that much, usually it > takes very long until someone picks that up and files a bug. > > I want at least a further discussion of this until you > switch this on again. It's not that we were too lazy or to > unskilled so far to play with soap and mark fixed bugs > automatically in the tracker but as far as I can tell this > wasn't done on purpose.
if they submitted (semi-automated) bug reports for all of the unfixed issues that they sync up, would that be sufficient to address your concerns? i agree that auto-marking fixed issues is quite dangerous and should not be done. mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
