On 2016-05-19 19:22:18, Brian May wrote: > Antoine Beaupré <anar...@orangeseeds.org> writes: >> I wonder if some of that stuff should be automated. I am fairly new with >> the security process, how often do mistakes like this happen anyways? >> >> And how hard would it be to automate this? > > I would suggest a move useful thing to automate would be filling in more > details in the template email "bin/gen-DLA --save" creates. For example, > it could automatically pull in a summary for each CVE from data/CVE/list > and insert it in the template email. If you are only closing one CVE it > doesn't make a huge difference (except perhaps as an additional sanity > check you listed the correct CVE), if there are many CVE's the risk of > error in filling out details for one of the CVEs by hand increases. It > could also add more standardised text (such as "This is fixed in version > X; we recommend you upgrade.").
Actually - I often parse this from the debian/changelog. a. -- Travail, du latin Tri Palium trois pieux, instrument de torture.
