Hi Michael, On Thu, Apr 16, 2009 at 11:10:38PM -0400, Michael S. Gilbert wrote: > would it make sense to integrate ubuntu's security tracker with > debian's, especially since the two distros are so closely related? > for example, [intrepid]/[jaunty] tags could be used to track > ubuntu-specific issues within the debian tracker. > > this would greatly reduce duplication of effort and make it clear to > the other team when the one pushes a fix since everyone will be getting > updates from the same tracker. it would also make a lot of sense for > the two teams to work more closely together. > > also, debsecan could finally be modified so that its output makes > sense on ubuntu (a pet peeve of mine). > > just a thought.
It was discussed a lot when we were first building out our tracker, but our data sets are 4 times larger (we've effectively got 3 oldstables, 1 stable, and 1 testing). Also, we wanted to have a lot more information represented in our tracker that didn't really fit the format of the secure-testing tracker. We modelled our tracker after the kernel-security tracker instead. Our results are here[1]. Our tracker's support tools now both fetch hints from the Debian tracker as well as push hints from our back out. NFU's have been working for a while now, but today I finally finished the first pass at noticing "TODO: check" entries where Ubuntu knows about a possible package match in the Debian archive. So, I'm trying to work as closely as possible, but we've got a lot of demands for statistics, bug links, credit, and our Canonical-supported/community-support split. There's a ton of metadata we're hauling around in our entries, and it seemed like it wouldn't be much fun to jam all that into the Debian tracker. -Kees [1] https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master -- Kees Cook @debian.org _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
