To pick some random example, <http://www.kb.cert.org/vuls/id/754281> lists Debian''s status as "Unknown", even though Debian was notified last year. What would be necessary to ensure that CERT/CC publishes accurate information regarding Debian in their vulnerability notes? Presumably, they''ve tried to contact us in some way, but we haven''t responded.