Bug#868079: Security issues marked as no-dsa are shown as "ignored"

2017-07-18 Thread Moritz Mühlenhoff
On Tue, Jul 18, 2017 at 12:08:18PM +1000, Paul Wise wrote:
> On Mon, 2017-07-17 at 10:32 +0200, Raphael Hertzog wrote:
> 
> > maybe "non-critical" or "non-urgent"?
> 
> I think I would go with non-urgent.
> 
> Perhaps it should also mention point releases?

Yeah, it should point to the general process. I'll draft a short
text for this during the next weeks.

Cheers,
Moritz



Bug#868079: Security issues marked as no-dsa are shown as "ignored"

2017-07-17 Thread Paul Wise
On Mon, 2017-07-17 at 10:32 +0200, Raphael Hertzog wrote:

> maybe "non-critical" or "non-urgent"?

I think I would go with non-urgent.

Perhaps it should also mention point releases?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise




Bug#868079: Security issues marked as no-dsa are shown as "ignored"

2017-07-17 Thread Raphael Hertzog
Hi,

On Wed, 12 Jul 2017, Paul Wise wrote:
> On Wed, Jul 12, 2017 at 6:51 AM, Moritz Muehlenhoff wrote:
> > The PTS shows no-dsa security issues as "Ignored security issue",
> Do you have an example of a package where this shows up?

https://tracker.debian.org/xmlsec1

> > But showing them as ignored is wrong and misleading.
> 
> What wording to replace the current template would you suggest?
> 
> 'nodsa': '{count} ignored security {issue} in {release}',
> 
> Maybe this:
> 
> 'nodsa': '{count} unimportant security {issue} in {release}',

"unimportant" has its own meaning in the security tracker too, so it's not
really appropriate.

maybe "non-critical" or "non-urgent"?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



Bug#868079: Security issues marked as no-dsa are shown as "ignored"

2017-07-11 Thread Paul Wise
On Wed, Jul 12, 2017 at 6:51 AM, Moritz Muehlenhoff wrote:

> The PTS shows no-dsa security issues as "Ignored security issue",

Do you have an example of a package where this shows up?

> But showing them as ignored is wrong and misleading.

What wording to replace the current template would you suggest?

'nodsa': '{count} ignored security {issue} in {release}',

Maybe this:

'nodsa': '{count} unimportant security {issue} in {release}',

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Bug#868079: Security issues marked as no-dsa are shown as "ignored"

2017-07-11 Thread Moritz Muehlenhoff
Package: tracker.debian.org
Severity: normal

The PTS shows no-dsa security issues as "Ignored security issue",
but that's wrong: They are not ignored per se, it only means they
don't warrant an immediate DSA. They can be fixed in stable through a point
release or they're lined up, they can be piggybacked on a DSA if
a more severe issue comes forth or they can be left unfixed.

But showing them as ignored is wrong and misleading.

Cheers,
Moritz