On Wed, 26 Aug 2009 19:29:10 +0200, Moritz Muehlenhoff wrote: > You should redirect the TODOs in a file separate from CVE/list,
thanks for looking at this. i personally think that the cve list is the best destination. the reasoning is that cve TODOs are good indicators of what needs worked on and they are associated to specific cves. also, the TODOs show up on the security tracker website and are used by various scripts. yes, the first update from this script will commit over 400 changes, but assuming those issues are addressed or marked <not-affected>, subsequent updates will be much smaller. the important thing is that running this script increases awareness that a package that you're dealing with is embedded elsewhere, and for that to be effective, it needs to update the cve list. > otherwise it clutters the list too much. if you believe that the current formatting is too cluttered, i am certainly open to suggestions. off the top of my head, for each affected cve, i could compact the current one line per embed into one line total for all embeds in that cve. mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
