Moritz Muehlenhoff wrote: > When filing bugs, please don't ask maintainers to refer to Secunia IDs. > The entries in there are often poorly researched and not suitable as > unique references among distributions. Rather point them to the CVE > entry or - if not yet available - tell them that a CVE ID is going > to be requested.
This is what I have on my template: > If you fix the vulnerability please also make sure to include the SA id (or > the CVE id when one is assigned) in the changelog entry. Do I really need to mention that "a CVE ID is going to be requested"? I believe it is better to have a Secunia ID than no other information to easily identify the issue. Or should I stop asking for that? > > Cheers, > Moritz Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
