Hello Salvatore, On Sun, 13 Apr 2025 at 16:32, Salvatore Bonaccorso <car...@debian.org> wrote: > I have not gone to all details of your proposal, but the high level > view is IMHO as described in short above. For instance for the zlib > isues that would then move the entries from the ignored (which is a > substate of a no-dsa and apparently comercial security scanner are not > willing to parse or adapt to) to the more narrowed down and specified > substate of nonissue. In particular such a vunerability state could > exactly reflect as well per suite entry in case the state changes > between them.
You mentioned this previously, which is a fair point. I believe one of the alternatives would work, what do you think? Quoting from that email: On Sat, 2 Nov 2024 at 20:02, Samuel Henrique <samuel...@debian.org> wrote: > On Tue, 29 Oct 2024 at 19:43, Salvatore Bonaccorso <car...@debian.org> wrote: > > As mentioned in an earlier message: What I would love to see is to > > actually have a substate which makes the situation clear, and still > > beeing technically correct. I was envisioning something which would be > > a substate like we have for the substate of no-dsa (ignored, > > postponed). > > This sounds like the solution proposal A2, quoting it: > > ## A2) Add a new mutually exclusive state to the set: > "not-affected-build-artifacts" > > Would this be aligned to what you're looking for? I think there wasn't a confirmation after this email. > Hope this clarifies that you are not beeing ignored (heh ;-) no punt > intended here :)), which is as well quite important to me to let you > know. Definitely, I didn't mean to suggest that it's not as important to you as well, and thank you for replying! Regards, -- Samuel Henrique <samueloph>
