Hi,

On Tue, 16 Sep 2014, Raphael Hertzog wrote:
> Let's not continue that bad tradition. If anything it should provide
> either YAML or JSON with something structured:
> 
> bind9:
>     squeeze:
>       open:
>           - CVE-XXX
>           - CVE-YYY
>       open-unimportant:
>           - ...
>       resolved:
>           - ...
>     wheezy:
>       ...

One thing that comes to my mind is that we probably also want the
associated Debian bug number when there's an associated bug report.
So instead of a plain CVE identifier we probably want a hash:
{ 'id': 'CVE-XXXX-XXXX', 'bug': '12345', 'severity': 'low' }

That way we could also export the severity and easily add more data
in case of future needs.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/


Archive: https://lists.debian.org/20150218101411.ga9...@home.ouaza.com
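
The hash-per-issue layout proposed in this message, shown as an added example (not code from the thread or from the security tracker). It assumes a consumer that accepts both the bare CVE strings of the quoted layout and the proposed hash form; the function names and all sample ids, bug numbers and severities are constructed placeholders.

```python
import json

# Constructed sample export in the package -> release -> status layout.
# CVE ids, bug numbers and severities are placeholders, not tracker data.
SAMPLE = json.loads("""
{
  "bind9": {
    "squeeze": {
      "open": [
        {"id": "CVE-0000-0001", "bug": "12345", "severity": "low"},
        "CVE-0000-0002"
      ],
      "open-unimportant": [],
      "resolved": [{"id": "CVE-0000-0003", "severity": "high"}]
    },
    "wheezy": {"open": [], "resolved": ["CVE-0000-0001"]}
  }
}
""")


def normalize(entry):
    """Accept a bare CVE id string or the hash form; return a full dict."""
    if isinstance(entry, str):
        entry = {"id": entry}
    if not isinstance(entry, dict) or "id" not in entry:
        raise ValueError("entry without a CVE id: %r" % (entry,))
    # Optional keys default to None so consumers see a stable shape.
    return {"id": entry["id"], "bug": entry.get("bug"),
            "severity": entry.get("severity")}


def issues(export, package, release, status="open"):
    """Return normalized entries for one package/release/status, [] if absent."""
    raw = export.get(package, {}).get(release, {}).get(status, [])
    return [normalize(e) for e in raw]


def bug_links(export, package, release):
    """Map open CVE ids to a Debian bug URL (None when no bug is recorded)."""
    return {i["id"]: ("https://bugs.debian.org/" + i["bug"]) if i["bug"] else None
            for i in issues(export, package, release)}


if __name__ == "__main__":
    print(json.dumps(issues(SAMPLE, "bind9", "squeeze"), indent=2))
    print(bug_links(SAMPLE, "bind9", "squeeze"))
```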
