* Moritz Muehlenhoff: >> * Use the description (in [brackets]) as the unqiue identifier. The >> downside is that we still won't have really stable identifiers for >> non-CVE issues. > > I don't think we've ever changed a temporary description in brackets so > far, so that would be my preferred solution.
Okay, in this case, this is probably the way to go. If we keep the text in square brackets once we switch from CVE-2006-XXXX to the real CVE name, I might even be able to automatically infer the transition of the internal identifier (used by debsecan) to the CVE ID. > Nothing is too minor for MITRE, it's just that someone need to push it > to them. But we should track this process in SVN, e.g. with a short file > who did it, when at and at what time we pinged them etc. I doubt that the Subversion repository is best suited to this kind of task, but I'll shut up until I can offer something better. 8-) _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
