[Secure-testing-team] restructuring embedded code copies

Moritz Muehlenhoff jmm at inutil.org
Thu Dec 27 17:59:09 UTC 2007

Nico Golde wrote:
> I started restructuring the embedded code copies file 
> because it has become very chaotic over the time and I think 
> it can be well structured using a similar format as in the 
> CVE list.
> I converted the xpdf entry to the new format:
> http://lists.alioth.debian.org/pipermail/secure-testing-commits/2007-December/008048.html
> The format I used for now is:
> <srcpkg> (<optional comment about srcpkg>)
>         - <embedding srcpkg> <status> (<sort>; bug #<number>)
>         NOTE: optional comments about the linkage of the embedding srcpkg
> status: version number fixing the embedded copy, <unfixed> or <unknown> if the version number can not be determined
> sort: static/dynamic
> Improvements are welcome, what do you think about this format, what could be better?

The format should differentiate between <static> (linking statically against a lib)
and <embed> (embedding a copy of the library into another source package).

Other than that it appears fine.


More information about the Secure-testing-team mailing list