Re: Tracking related source packages (new tool)

2021-08-31 Thread Salvatore Bonaccorso
Hi, On Tue, Aug 31, 2021 at 05:32:44PM +0200, Sylvain Beucler wrote: > I submitted a MR for the tool at: > https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/88 > > Follow/comment there if you're interested. Thanks for that. I will try to schedule some time for it

Re: Tracking related source packages (new tool)

2021-08-31 Thread Sylvain Beucler
I submitted a MR for the tool at: https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/88 Follow/comment there if you're interested. Cheers! Sylvain Beucler Debian LTS Team

Re: Tracking related source packages (new tool)

2021-08-30 Thread Roberto C. Sánchez
On Mon, Aug 30, 2021 at 10:57:59AM +0200, Sylvain Beucler wrote: > Hi Roberto, > > Thanks for your thorough review :) > I answer a couple comments below: > > On 29/08/2021 05:08, Roberto C. Sánchez wrote: > > On Sat, Aug 28, 2021 at 08:30:56PM +0200, Sylvain Beucler wrote: > > > Here are a few

Re: Tracking related source packages (new tool)

2021-08-30 Thread Sylvain Beucler
Hi Roberto, Thanks for your thorough review :) I answer a couple of comments below: On 29/08/2021 05:08, Roberto C. Sánchez wrote: On Sat, Aug 28, 2021 at 08:30:56PM +0200, Sylvain Beucler wrote: Here are a few use cases: ... # Also report CVE entries that may have been missed for newly

Re: Tracking related source packages (new tool)

2021-08-28 Thread Roberto C. Sánchez
Hi Sylvain, I have spent some time looking over your code and trying out the tool. Overall, the code looks good, easy to understand, and useful in functionality. On Sat, Aug 28, 2021 at 08:30:56PM +0200, Sylvain Beucler wrote: > > Here are a few use cases: > > # Report CVE entries that may

Re: Tracking related source packages (new tool)

2021-08-28 Thread Sylvain Beucler
Hi, I went through the several discussions and attempts that happened over the past few years: we have several similar problems, typically: - tagging CVEs for renamed packages in Debian - tagging CVEs for renamed packages in Debian LTS or ELTS - tagging CVEs for related package sets

Re: Tracking related source packages

2021-02-26 Thread Paul Wise
On Fri, Feb 26, 2021 at 3:35 PM Markus Koschany wrote: > How can we keep the [embedded copies] list up-to-date? Considering that the copies can be added, removed or made irrelevant in each upload of each package, I think this would be a very hard problem. The simplest solution would be to

Re: Tracking related source packages

2021-02-26 Thread Markus Koschany
Hi, On Thursday, 25.02.2021, 20:01 +0100, Moritz Mühlenhoff wrote: > On Thu, Feb 25, 2021 at 05:30:05PM +0100, Sylvain Beucler wrote: > > - This problem is similar/related to tracking embedded code copies. > > See https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/2 > > With

Re: Tracking related source packages

2021-02-25 Thread Salvatore Bonaccorso
Hi Moritz, Thanks for CC'ing. On Thu, Feb 25, 2021 at 08:01:42PM +0100, Moritz Mühlenhoff wrote: > On Thu, Feb 25, 2021 at 05:30:05PM +0100, Sylvain Beucler wrote: > > - This problem is similar/related to tracking embedded code copies. > > See

Re: Tracking related source packages

2021-02-25 Thread Paul Wise
On Thu, Feb 25, 2021 at 10:41 PM Ola Lundqvist wrote: > Finding embedded code copies is harder. There are some useful strategies for that listed on the wiki: https://wiki.debian.org/EmbeddedCopies Probably `apt-file search -I dsc` and the various code searching services (sources.d.o

Re: Tracking related source packages

2021-02-25 Thread Ola Lundqvist
Hi, I think related packages is fairly easy to automate. I wrote a small script that takes a line-separated list of packages on standard input and outputs which packages are (likely) related. Here is an example usage: ola@tigereye:~$ cat stretch-packages.txt | sort -u | ./

Re: Tracking related source packages

2021-02-25 Thread Moritz Mühlenhoff
On Thu, Feb 25, 2021 at 05:30:05PM +0100, Sylvain Beucler wrote: > - This problem is similar/related to tracking embedded code copies. > See https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/2 > With one difference: there's no reference source package. Not really, embedded code

Tracking related source packages

2021-02-25 Thread Sylvain Beucler
Hi, During today's meeting we discussed how to track CVEs in related source packages. For instance unbound vs. unbound-1.9, or golang (ELTS) vs. golang-1.7/golang-1.8 (LTS) vs. golang-1.11. We may miss/delay affected packages due to this, unless the front-desk is already aware of all related