[Secure-testing-team] d-d-c and CVE/list processing
Stefan Fritsch
sf at sfritsch.de
Mon Apr 10 15:24:40 UTC 2006
Hi,
On Monday 10 April 2006 17:21, Moritz Muehlenhoff wrote:
> > What exactly do you do with d-d-changes? Just grep [1] through
> > the mails for cve references? That I could do. Or do you check
> > all changelog entries for security relevance?
>
> The latter, grepping doesn't find them all as the data isn't
> sufficiently well-formed. Maintainers are very creative in writing
> crappy changelog entries. It takes about 10-15 minutes per day in
> my experience.
Ok, I can do that. I thought it would take longer.
Cheers,
Stefan
More information about the Secure-testing-team
mailing list