* Moritz Muehlenhoff: > Florian Weimer wrote: >> If you don't object, I'd like to add version information for sarge to >> the data/CAN/list file. The reason is, of course, that it doesn't >> make sense to maintain the CVE mapping in two different places. > > I'd recommend to wait two more weeks. The infrastructure (especially > wrt tracking stable) might change after the Oldenburg meeting and I > think it would make more sense to discuss this a piece of something > larger.
*shrug* I can keep the changes private. The data has to be collected and consistency-checked anyway. I somehow doubt that the stable security team keeps an up-to-date super-secret bug tracker. > This would only be useful for checking new entries, as the package > list is in flux and I'd rather not want to rewrite history. (e.g. > we have several bugs against openwebmail, which is no longer in > the archive). A script like this would be very useful, indeed. We could keep a list of ex-packages. I think I'll have to create a sarge-ignore list anyway. _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
