On wto, lut 18, 2014 at 02:08:09 -0800, Russ Allbery wrote: > Dariusz Dwornikowski <dariusz.dwornikow...@cs.put.poznan.pl> writes: > > On wto, lut 18, 2014 at 01:29:06 -0800, Russ Allbery wrote: > > >> I think you were also saying this, but just to be very clear: please > >> also include the CVE numbers directly in debian/changelog in the entry > >> for whatever release they were fixed in, not just in the bug text. The > >> security team's tracking of open security vulnerabilities relies on > >> being able to analyze the debian/changelog file to determine when CVEs > >> were closed in the Debian packaging. > > > Do I need to take experimental under consideration, i.e. modify > > changelog for experimental releases ? > > I don't believe it's particularly important whether CVEs show up as fixed > in the experimental version in which they were actually fixed or in the > first unstable version in which the fix appears. The former is more > pedantically correct, but I believe the security team primarily cares > about having a complete picture of open security bugs in unstable, > testing, and stable releases. Experimental doesn't receive the same type > of security support and is therefore less important for tracking purposes. > > --
hi, I uploaded my version to mentors. Would you be so nice to review it ? http://mentors.debian.net/package/maradns -- Pozdrawiam, Dariusz Dwornikowski, Assistant at Institute of Computing Science, PoznaĆ University of Technology www.cs.put.poznan.pl/ddwornikowski/ room 2.7.2 BTiCW | tel. +48 61 665 29 41 -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140219190041.gb19...@blackstar.cs.put.poznan.pl
