DSA candidates
cabextract -- commons-httpclient -- file -- fuseiso -- jruby -- kgb-bot -- libcsoap -- libidn -- mini-httpd -- oss4 -- patch -- procmail -- redmine -- wss4j -- novnc/stable -- tiff3/stable -- -- The above is a list of DSA candidates based on the tracker's information. One should evaluate the candidates and either add them to dsa-needed.txt or consider tagging them no-dsa. -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54ec2adf.iw+t1r7mchtgg58j%atomo64+st...@gmail.com
Bug#761859: prototype ready
I was about to suggest having both. Please do that. Richard Sent by mobile; excuse my brevity.
Bug#761859: prototype ready
On Mon, 2015-02-23 at 14:59 +0100, Holger Levsen wrote: > surely. I just wasn't sure whether this should be done on the > security-tracker > side or by it's users... or I could provide two versions: json-full and json(- > aggregated) - do you think that would be useful? I think it would be useful to provide the non-aggregated version for folks who only use some of the stable suites. Not sure if the sectracker has information about stable-proposed-updates but if so it would be good to include it too. -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#761859: prototype ready
Hi, On Montag, 23. Februar 2015, Paul Wise wrote: > Hmm, it appears that these are the default urgency from NVD and the ones > without asterisks are ones set by SVN committers. That doesn't appear to > be a distinction worth preserving but it is fine to do so. I kept it under the premise of presenting the raw data. > Please ensure that this json is linked to from the front page of the > security tracker and from the security tracker documentation so that > people building on it can find it easily. will do. > I think for other consumers of the data (not distro-tracker), exposing > fixed version numbers might be interesting. For instance, someone with > 500 machines who aggregates host/package/version information and then > correlates that with the list of security issues from the sectracker. i'll include this in the detailed json output. > I should stop bike-shedding though :) :) > Anyway, the current JSON is good for the distro-tracker from a content > perspective (so please deploy) will do RSN :) cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#761859: prototype ready
Hi, On Montag, 23. Februar 2015, Raphael Hertzog wrote: > The only missing data I see is the Debian bug report assigned to each CVE. I'll add that. > And you call the file "json" but it contains YAML :-) yeah, fixed in the last attached patch, but I will rewrite it to actually output json... > Otherwise, I see that you have the raw data per real suite (aka squeeze is > never fixed, only squeeze-lts is fixed) and I would prefer having data > consolidated by release (i.e. you get the "squeeze" status by merging > squeeze, squeeze-security and squeeze-lts, wheezy by merging wheezy and > wheezy-security, etc.). > > Is that possible ? surely. I just wasn't sure whether this should be done on the security-tracker side or by it's users... or I could provide two versions: json-full and json(- aggregated) - do you think that would be useful? cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#761859: prototype ready
On Sun, 22 Feb 2015, Holger Levsen wrote: > new output is attached in compressed form. The only missing data I see is the Debian bug report assigned to each CVE. And you call the file "json" but it contains YAML :-) Otherwise, I see that you have the raw data per real suite (aka squeeze is never fixed, only squeeze-lts is fixed) and I would prefer having data consolidated by release (i.e. you get the "squeeze" status by merging squeeze, squeeze-security and squeeze-lts, wheezy by merging wheezy and wheezy-security, etc.). Is that possible ? Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150223133826.gb2...@home.ouaza.com