[Secure-testing-team] "FIXES:" and "FIXED-BY:" directives
Florian Weimer
fw at deneb.enyo.de
Tue Oct 18 09:47:43 UTC 2005
* Moritz Muehlenhoff:
>> In general, the "will be fixed soon" part for testing/unstable is much
>> harder. 8-)
>
> Ahh, I thought you wanted to add manual Sarge/Woody tracking for all
> the entries in CAN/list.
Most of them are either unfixed, or there is a DSA for them. In some
cases, the vulnerable code may have been added after the stable
release, and I would supply a
[sarge] - PACKAGE <not-affacted> (vulnerable code was added post-release)
when I come across such a case. But I don't expect many instances.
> I agree, the canonical information should come from security.debian.org
> anyway and the few cases where our information differs are negligible
> IMO.
Okay.
Shall I undo my local FIXES/FIXED-BY changes, add the propagation code
for {...}, and merge back my local changes for tracking sarge/woody,
then?
More information about the Secure-testing-team
mailing list