On Sat, Oct 31, 2015 at 04:00:56PM +0100, Raphael Hertzog wrote: > On Fri, 30 Oct 2015, Moritz Muehlenhoff wrote: > > > > - improving the security infrastructure > > > > That has certainly the best net positive from my point of view. > > From my point of view too. But I'm not sure I would put the same > emphasis as you on dak related work.
Well we're the ones who use it all the same and you asked us, so... > I would possibly suggest to work on the security tracker: > - have stats about security updates on all packages so that we can > easily identify which packages should be targetted in any pro-active > security work > - have stats on the delay between issues appearing in our radar and having > the issue fixed > - have stats on the number of open issues in each Debian release > - > https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=security-tracker;dist=unstable We don't need any of this. There's already plenty of data sources from the security tracker w/o people doing the work based on that (like filing bugs for untracked issues, assigning CVEs to temp issues). > The general workflow of the security teams can possibly be improved with > better tools. All the problems we have are around the archive processing side (with the low-hanging fruits the onea above). Cheers, Moritz
