If you don't object, I'd like to add version information for sarge to the data/CAN/list file. The reason is, of course, that it doesn't make sense to maintain the CVE mapping in two different places.
The format I want to use is: - hello 2.1.1-5 (bug #nnn; low) - hello 2.1.1-4sarge1 (sarge; bug #nnn; low) The "sarge" flag indicates that this line applies to sarge only. This format has the disadvantage that some of the data has to be duplicated. However, I might even need the added flexiblity because bug archival might force me to file a new bug for sarge, and the urgency could differ for various reasons. If this format (and the whole plan) is acceptable, which script files should I change accordingly? Is checklist the only one? PS: There are quite a few typos in the packages in the data/CAN/list file. Maybe it would be a good idea to include package lists in the repository (without version information because it changes too rapidly), so that consistency checks could be performed locally? (I will commit the fixes once my group membership information on costa has been updated.) _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
