[tracker] New sub-states for issues tagged no-dsa

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[tracker] New sub-states for issues tagged no-dsa

Sébastien Delafond-2
After some discussion about what no-dsa really means, I've added 2 new
sub-states to the tracker, and they can be used as follows:

  CVE-2018-10012345
         - foo <unfixed> (bug #9876543)
         [stretch] - shadow <postponed> (Minor issue, later)
         [jessie] - shadow <postponed> (Minor issue, later)
         [wheezy] - shadow <postponed> (Minor issue, later)
  CVE-2018-10012346
         - foo <unfixed> (bug #9876542)
         [stretch] - shadow <ignored> (maintainer choice)
         [jessie] - shadow <ignored> (maintainer choice)
         [wheezy] - shadow <ignored> (maintainer choice)

The actual state will still be "no-dsa" in both cases, but hopefully the
sub-state clears things up as to *why* we chose no-dsa.

The per-issue web views does expose those sub-states, see for instance
libemail-address-perl[1] and cacti[2], and the status pages[3][4][5]
allow to filter on them (someone with actual web skills should probably
make it so that checking "include issues tagged <ignored/postponed>"
automatically checks "include issues tagged <no-dsa>").

Cheers,

--Seb

[1] https://security-tracker.debian.org/tracker/source-package/libemail-address-perl
[2] https://security-tracker.debian.org/tracker/source-package/cacti
[3] https://security-tracker.debian.org/tracker/status/release/stable
[4] https://security-tracker.debian.org/tracker/status/release/oldstable
[5] https://security-tracker.debian.org/tracker/status/release/oldoldstable

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [tracker] New sub-states for issues tagged no-dsa

Guido Günther
Hi,
On Fri, Aug 11, 2017 at 09:01:37PM +0200, Sébastien Delafond wrote:

> After some discussion about what no-dsa really means, I've added 2 new
> sub-states to the tracker, and they can be used as follows:
>
>   CVE-2018-10012345
> - foo <unfixed> (bug #9876543)
> [stretch] - shadow <postponed> (Minor issue, later)
> [jessie] - shadow <postponed> (Minor issue, later)
> [wheezy] - shadow <postponed> (Minor issue, later)
>   CVE-2018-10012346
> - foo <unfixed> (bug #9876542)
> [stretch] - shadow <ignored> (maintainer choice)
> [jessie] - shadow <ignored> (maintainer choice)
> [wheezy] - shadow <ignored> (maintainer choice)
>
> The actual state will still be "no-dsa" in both cases, but hopefully the
> sub-state clears things up as to *why* we chose no-dsa.

This is awesome and will make it much clearer why s.th. is actually
no-dsa. We can now also go through postponed issues and check whether
they actually got fixed in a point release.
Cheers,
 -- Guido

>
> The per-issue web views does expose those sub-states, see for instance
> libemail-address-perl[1] and cacti[2], and the status pages[3][4][5]
> allow to filter on them (someone with actual web skills should probably
> make it so that checking "include issues tagged <ignored/postponed>"
> automatically checks "include issues tagged <no-dsa>").
>
> Cheers,
>
> --Seb
>
> [1] https://security-tracker.debian.org/tracker/source-package/libemail-address-perl
> [2] https://security-tracker.debian.org/tracker/source-package/cacti
> [3] https://security-tracker.debian.org/tracker/status/release/stable
> [4] https://security-tracker.debian.org/tracker/status/release/oldstable
> [5] https://security-tracker.debian.org/tracker/status/release/oldoldstable
>

Loading...