
Bug#868079: Security issues marked as no-dsa are shown as "ignored"


Moritz Muehlenhoff

Jul 11, 2017, 5:00:02 PM
Package: tracker.debian.org
Severity: normal

The PTS shows no-dsa security issues as "Ignored security issue",
but that's wrong: They are not ignored per se, it only means they
don't warrant an immediate DSA. They can stable through a point
release or they're lined up, they can be piggybacked on a DSA if
a more severe issue comes forth or they can be left unfixed.

But showing them as ignored is wrong and misleading.

Cheers,
Moritz

Paul Wise

Jul 11, 2017, 11:00:02 PM
On Wed, Jul 12, 2017 at 6:51 AM, Moritz Muehlenhoff wrote:

> The PTS shows no-dsa security issues as "Ignored security issue",

Do you have an example of a package where this shows up?

> But showing them as ignored is wrong and misleading.

What wording to replace the current template would you suggest?

'nodsa': '<a href="{url}">{count} ignored security {issue}</a> in {release}',

Maybe this:

'nodsa': '<a href="{url}">{count} unimportant security {issue}</a> in {release}',

--
bye,
pabs

https://wiki.debian.org/PaulWise

Raphael Hertzog

Jul 17, 2017, 4:40:02 AM
Hi,

On Wed, 12 Jul 2017, Paul Wise wrote:
> On Wed, Jul 12, 2017 at 6:51 AM, Moritz Muehlenhoff wrote:
> > The PTS shows no-dsa security issues as "Ignored security issue",
> Do you have an example of a package where this shows up?

https://tracker.debian.org/xmlsec1

> > But showing them as ignored is wrong and misleading.
>
> What wording to replace the current template would you suggest?
>
> 'nodsa': '<a href="{url}">{count} ignored security {issue}</a> in {release}',
>
> Maybe this:
>
> 'nodsa': '<a href="{url}">{count} unimportant security {issue}</a> in {release}',

"unimportant" has its own meaning in the security tracker too, so it's not
really appropriate.

Maybe "non-critical" or "non-urgent"?

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Paul Wise

Jul 17, 2017, 10:20:02 PM
On Mon, 2017-07-17 at 10:32 +0200, Raphael Hertzog wrote:

> Maybe "non-critical" or "non-urgent"?

I think I would go with non-urgent.

Perhaps it should also mention point releases?

Moritz Mühlenhoff

Jul 18, 2017, 2:30:02 AM
On Tue, Jul 18, 2017 at 12:08:18PM +1000, Paul Wise wrote:
> On Mon, 2017-07-17 at 10:32 +0200, Raphael Hertzog wrote:
>
> > Maybe "non-critical" or "non-urgent"?
>
> I think I would go with non-urgent.
>
> Perhaps it should also mention point releases?

Yeah, it should point to the general process. I'll draft a short
text for this during the next weeks.

Cheers,
Moritz

Debian Bug Tracking System

Jan 3, 2022, 6:10:03 PM
Your message dated Mon, 3 Jan 2022 23:59:19 +0100
with message-id <YdN/x6qlJ8...@pisco.westfalen.local>
and subject line Re: Security issues marked as no-dsa are shown as "ignored"
has caused the Debian Bug report #868079,
regarding Security issues marked as no-dsa are shown as "ignored"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


--
868079: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868079
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems