Hi Salvatore, On Mittwoch, 10. September 2014, Salvatore Bonaccorso wrote: > The tabular view clearly would need some improvement and making clear > where the fix is already, e.g. wheezy-security but not yet wheezy. I > try to explain. The version tracked on the individual CVE pages is > *correct* from the following point of view: A fix is in wheezy-security > already, but not yet accepted into the wheezy suite.
thanks for explaining this here also, but as on IRC I wonder:
for whom is that view useful?
Or in other words: I'd like a view which shows me which issues are (not) fixed
in wheezy-security and squeeze-lts. I don't care at all about wheezy and
squeeze "alone" - like many many other users.
> It is not enough from stable point of view
> for having the fix available in stable to have it only on
> wheezy-security -- it also needs to be included into a wheezy point
> release.
That's a view about which very very few people are concerned, namely stable
release managers ;) All the rest is using -security and are fine once the fix
is there :)
> squeeze, squeeze (security) 5.04-5+squeeze5 vulnerable
> squeeze (lts) 5.04-5+squeeze6 fixed
> wheezy 5.11-2+deb7u3 vulnerable
> wheezy (security) 5.11-2+deb7u4 fixed
> jessie, sid 1:5.19-2 fixed
>
> One issue is: with -lts this will never happen that packages will be
> integrated into squeeze, as there will be no pint releases including
> the -lts fixes into squeeze.
I don't really see this as an issue *with practical impact*.
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
