Hi,

On Tue, 16 Sep 2014, Raphael Hertzog wrote:
> Let's not continue that bad tradition. If anything it should provide
> either YAML or JSON with something structured:
>
> bind9:
>   squeeze:
>     open:
>     - CVE-XXX
>     - CVE-YYY
>     open-unimportant:
>     - ...
>     resolved:
>     - ...
>   wheezy:
>     ...

One thing that comes to my mind is that we probably also want the associated Debian bug number when there's an associated bug report. So instead of a plain CVE identifier we probably want a hash:

{ 'id': 'CVE-XXXX-XXXX', 'bug': '12345', 'severity': 'low' }

That way we could also export the severity and easily add more data in case of future needs.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Archive: https://lists.debian.org/20150218101411.ga9...@home.ouaza.com
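
Added example, not part of the original message or of the security tracker's code: a consumer of the export format proposed above that accepts both a plain CVE string and the `id`/`bug`/`severity` hash, then lists the open issues for one release. The function names, the sample data and the low/medium/high ordering are assumptions made for illustration.

```python
import json

# Constructed sample in the structure proposed above; the CVE ids, bug
# numbers and severities are placeholders, not real tracker data.
SAMPLE = """
{
  "bind9": {
    "squeeze": {
      "open": [
        {"id": "CVE-0000-0001", "bug": "12345", "severity": "low"},
        "CVE-0000-0002"
      ],
      "open-unimportant": [],
      "resolved": [{"id": "CVE-0000-0003", "severity": "high"}]
    },
    "wheezy": {
      "open": [{"id": "CVE-0000-0004", "bug": "12346", "severity": "high"}]
    }
  }
}
"""

def normalize(entry):
    """Accept a plain CVE string or a hash; always return a full dict."""
    if isinstance(entry, str):
        entry = {"id": entry}
    if not isinstance(entry, dict) or "id" not in entry:
        raise ValueError(f"malformed entry: {entry!r}")
    return {"id": entry["id"], "bug": entry.get("bug"),
            "severity": entry.get("severity")}

def open_issues(data, release, min_severity=None):
    """Return (package, entry) pairs open in `release`, optionally filtered."""
    order = {"low": 0, "medium": 1, "high": 2}  # assumed severity scale
    found = []
    for package, releases in sorted(data.items()):
        for raw in releases.get(release, {}).get("open", []):
            entry = normalize(raw)
            if min_severity is not None:
                rank = order.get(entry["severity"])
                # Entries without a known severity are skipped when filtering.
                if rank is None or rank < order[min_severity]:
                    continue
            found.append((package, entry))
    return found

if __name__ == "__main__":
    for package, e in open_issues(json.loads(SAMPLE), "squeeze"):
        print(package, e["id"], e["bug"] or "-", e["severity"] or "-")
```

Because optional keys default to `None`, a consumer written this way keeps working when further fields are added to the hash later.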