Hi Mike See answers below.
On Thu, 29 Nov 2018 at 12:58, Mike Gabriel <mike.gabr...@das-netzwerkteam.de> wrote: > Hi all, > > the last days I found the data/dla-needed.txt in the security-tracker > Git repo rather empty, no new work-needing packages have been added by > LTS frontdesk and I wonder the following things: > > * are we behind with LTS CVE triaging? > No I would not say so. There are two packages to analyze faad2 and jasper but I think the status is good. > * is the security team behind with CVE triaging and LTS waits > for the security team to triage issues first? > No > * is extra CVE triaging for LTS only? > Not sure what you mean with this. > * is extra CVE triaging required for non-LTS and the security > team could need a hand? > That could be the case. There are 7 packages not triaged in non-LTS that have been triaged for LTS. > > When I look into the output of bin/lts-cve-triage.py, I see many CVE > issues with state "undetermined" for jessie. When I look into the > security-tracker's WebUI, it shows that most of them are also > undetermined for all other versions of Debian. > > Overall question, do we have spots in our workflow where man power is > needed right now other than with fixing packages? > Yes it is always good to check the "undetermined" issues. It would be good to conclude whether they can be determined. Usually it is not easy to do so, but I think it is worth spending time on that if we have time available. // Ola > > Thanks+Greets, > Mike > -- > > DAS-NETZWERKTEAM > mike gabriel, herweg 7, 24357 fleckeby > mobile: +49 (1520) 1976 148 > landline: +49 (4354) 8390 139 > > GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 > mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de > > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
