Moritz Muehlenhoff
2006-Mar-13 12:28 UTC
[Secure-testing-team] Let''s remove entries for issues that only manifest in the source package
Hi,
let''s remove entries for vulnerabilities that do not manifest in
binary packages from the CAN/list. Filing a bug report for completeness
is fine, but it''s beginning to clutter testing-security.html.
Debian is a binary oriented distribution and we don''t give security
support for /usr/local either :-)
Any objections?
Cheers,
Moritz
Joey Hess
2006-Mar-13 12:28 UTC
[Secure-testing-team] Let''s remove entries for issues that only manifest in the source package
Moritz Muehlenhoff wrote:> let''s remove entries for vulnerabilities that do not manifest in > binary packages from the CAN/list. Filing a bug report for completeness > is fine, but it''s beginning to clutter testing-security.html. > Debian is a binary oriented distribution and we don''t give security > support for /usr/local either :-) > > Any objections?Could we just use a severity of ignore for such issues and filter that out of the list? -- see shy jo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050909/84551db6/attachment.pgp
Moritz Muehlenhoff
2006-Mar-13 12:28 UTC
[Secure-testing-team] Let''s remove entries for issues that only manifest in the source package
Joey Hess wrote:> > let''s remove entries for vulnerabilities that do not manifest in > > binary packages from the CAN/list. Filing a bug report for completeness > > is fine, but it''s beginning to clutter testing-security.html. > > Debian is a binary oriented distribution and we don''t give security > > support for /usr/local either :-) > > > > Any objections? > > Could we just use a severity of ignore for such issues and filter that > out of the list?Fine, I''ve tagged the offenders as "unimportant". Can you please adapt checklist? (I can''t really test changes to it w/o access to spohr). Cheers, Moritz
Joey Hess
2006-Mar-13 12:28 UTC
[Secure-testing-team] Let''s remove entries for issues that only manifest in the source package
Joey Hess wrote:> Could we just use a severity of ignore for such issues and filter that > out of the list?Or call the severity "unimportant" might be clearer. -- see shy jo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050909/0293cef4/attachment.pgp