Michael Gilbert wrote:
> I think an appropriate fix is to eliminate this assumption in the
> experimental version checking, which will force a lot of experimental
> info to be entered manually.

Hi Mike,

I wouldn't want to force extra manual work - I was thinking that if nobody had yet established the vulnerability of a particular version, the tracker could simply say so, e.g. "Status: unknown", or it could say "Status: assumed fixed" but with a note about how that assumption was made, in this case by a comparison of version numbers. I think it would be a logical extension of the existing table that specifies what "The information above is based on". We would then manually override that automatic status whenever we knew better.

I wonder if there are better heuristics than comparing version numbers that would allow us to make assertions that are more likely to be right - perhaps based on knowledge of the genealogy of versions such as might already be stored in Debian's bug tracking system.

If I find time to look at the code and make more concrete suggestions for improvement I will let you know.

Cheers.
