In gmane.linux.debian.devel.security, you wrote:
> As many of you are probably aware, CVE has changed the naming of their
> id's: the temporary "CAN-" prefix has been dropped and an id is now
> always of the form CVE-yyyy-nnnn. More information at the CVE website.
>
> I was wondering what to do with changelogs. I think it might make sense
> to rename CAN-... numbers in old entries to CVE-..., since all entries
> have been renamed and this aids to the goal: having one unique string to
> find any vulnerability by.
>
> Are there any thoughts on changing changelogs retroactively? Might it
> even be an idea to add a lintian check for 'old-style' CAN id's?
You could change them retroactively (with a little note that you did so),
but it's not strictly necessary, as MITRE will continue to provide referrals
from CAN-based entries to CVE-based entries.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
