[Secure-testing-team] d-d-c and CVE/list processing

Moritz Muehlenhoff jmm at inutil.org
Mon Apr 10 15:21:23 UTC 2006


Stefan Fritsch wrote:
> On Sunday 09 April 2006 22:22, Moritz Muehlenhoff wrote:
> > I need to submit my thesis by end of this month and I'll travel
> > through Mexico two weeks ahead of DebConf, so I won't be able to
> > process CVE/list updates and merge information from
> > debian-devel-changes in CVE/list until DebConf. It would be great
> > if someone steps in, especially for the latter, as that's where 90%
> > of our information for fixes in sid is coming from.
> 
> What exactly do you do with d-d-changes? Just grep [1] through the 
> mails for cve references? That I could do. Or do you check all 
> changelog entries for security relevance?

The latter, grepping doesn't find them all as the data isn't sufficiently
well-formed. Maintainers are very creative in writing crappy changelog
entries. It takes about 10-15 minutes per day in my experience.

Cheers,
        Moritz


