Moritz Muehlenhoff wrote:> Hi,
> I''ve started adding some user tags for bugs we already track in
our tracker.
> The usertag user is
''secure-testing-team@lists.alioth.debian.org'' and the
> tag is ''tracked''.
>
> So, once a bug is in our tracker we can add it by sending a mail to
request@bugs.debian.org
> with the following body:
> | user secure-testing-team@lists.alioth.debian.org
> | usertag 329384 + tracked
You''ve probably seen the ramifications in the svn-commits list,
I''ve checked
all the ~ 550 non-archived security-tagged bugs in the BTS and included all
missing one worth to include in the tracker.
> A a later stage we should automate this with a script that parses newly
> introduced bug#s from the CAN/list and adds them, but for now we should
> add the backlog manually.
This script is still worth to write, so if any one has some time to spare,
please go ahead.
> You can use the query above to find all bugs tagged security, which are not
yet
> marked as tracked:
>
http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=secure-testing-team@lists.alioth.debian.org;exclude=tracked
> lists
So, from now on we can use this to find security-related bugs much easier. This
also
means that tagging a security related bug as such becomes more important. Micah,
it might be worthwhile to add this to your proposed extension of the dev-ref.
Cheers,
Moritz