[Secure-testing-team] [Secure-testing-commits] r12161 - data/CVE
Moritz Muehlenhoff
jmm at inutil.org
Sun Jun 21 19:33:10 UTC 2009
On Fri, Jun 19, 2009 at 04:28:53PM -0400, Michael S. Gilbert wrote:
> On Fri, 19 Jun 2009 22:13:32 +0200, Giuseppe Iuculano wrote:
> > Michael S. Gilbert ha scritto:
> > > i don't see the need for this reversion. if the tracker has these new
> > > versions, which have not yet entered the archive, then it does not mark
> > > the older version (that's still in the archive) as fixed or anything
> > > that would be confusing or incorrect. in fact, i think that it is more
> > > useful to track the fixed version whether or not it has entered the
> > > archive yet.
> > >
> > > maybe i've missed something? what is the philosophy behind this
> > > decision?
> >
> > As Moritz pointed me out, adding entries for packages accepted in stable but not
> > yet entered in the archive makes more difficult to track issues which still need
> > to be addressed for a DSA.
>
> yes, but all of these are for a an upcoming point release, correct? and
> hence will not be involved in any upcoming DSA? from my perspective,
> that doesn't make tracking TODO DSAs any more difficult.
>
> i still don't see the problem.
All these issues still need to be marked no-dsa until the fixed package
has actually been released with a point release.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list