Hi > I think we could create some daily or weekly summary mails from this > data. Is this a useful format? Should we include the long descriptions > from the CVEs? I think those are too long. Or is there a source for short > descriptions for CVEs that I don't know about? I think the output looks alright. There should probably be a template around it explaining the upgrade and so on. I still think that the DTSAs should come with different announcements, to either give them some information, show that they are on security.debian.org and i found them overall informative (but that just might be my personal opinion).
> For removed packages, there is the problem that (AFAIK) the release team > sometimes removes packages temporarily to ease transitions. This could be > confusing for the users. Should the information about removed packages be > included? If the package is removed from testing, it does not mean that the user removes it from their installation, therefore the issue is not fixed. Because of that, I would not include this information. > Should we include other information, like scores from NVD or our > priorities? > > In the last week, there have been 0-4 issues fixed per day. Do we want > daily or weekly summary mails? I would go for daily mails or every 2-3 days, because the users want to get the security information as fast as possible. Thanks for the work. Do you want to commit the scripts to svn? Cheers Steffen
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
