On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > We usually mark affected CVE as in data/CVE/list and just
> > add the package to security-support-ended.deb8 in
> > debian-security-support. We then upload new versions of the package
> > periodically and announce it via DLA.
On Tue, Nov 12, 2019 at 11:03:17AM +0100, Sylvain Beucler wrote:
> I believe it's a matter of magnitude: the doc's example is about a 10%
> excess, while this was about a ~200% excess.
this, exactly.
> Coordination allows to average the workload and reactivity, for instance
> by adding more peopl
On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote:
> On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > > We usually mark affected CVE as in data/CVE/list and just
> > > add the package to security-support-ended.deb8 in
> > > debian-security-support. We then upload
On Thu, Nov 14, 2019 at 01:31:27PM -0500, Roberto C. Sánchez wrote:
> On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote:
> > On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > > > We usually mark affected CVE as in data/CVE/list and just
> > > > add the package to
In an attempt to complete this TODO item from the wiki:
automatically strip no-dsa tags by gen-DLA
https://wiki.debian.org/LTS/TODO#automatically_strip_no-dsa_tags_by_gen-DLA
This is my very early attempt to modify the CVE parser so that it can
write the results back to the CVE file again. Meanin