Discussion:
Bug#868079: Security issues marked as no-dsa are shown as "ignored"
Moritz Muehlenhoff
2017-07-11 21:00:01 UTC
Package: tracker.debian.org
Severity: normal

The PTS shows no-dsa security issues as "Ignored security issue",
but that's wrong: They are not ignored per se, it only means they
don't warrant an immediate DSA. They can stable through a point
release or they're lined up, they can be piggybacked on a DSA if
a more severe issue comes forth or they can be left unfixed.

But showing them as ignored is wrong and misleading.

Cheers,
Moritz
Paul Wise
2017-07-12 03:00:01 UTC
Post by Moritz Muehlenhoff
The PTS shows no-dsa security issues as "Ignored security issue",
Do you have an example of a package where this shows up?
Post by Moritz Muehlenhoff
But showing them as ignored is wrong and misleading.
What wording to replace the current template would you suggest?

'nodsa': '<a href="{url}">{count} ignored security {issue}</a> in {release}',

Maybe this:

'nodsa': '<a href="{url}">{count} unimportant security {issue}</a> in {release}',
--
bye,
pabs

https://wiki.debian.org/PaulWise
Raphael Hertzog
2017-07-17 08:40:02 UTC
Hi,
Post by Paul Wise
Post by Moritz Muehlenhoff
The PTS shows no-dsa security issues as "Ignored security issue",
Do you have an example of a package where this shows up?
https://tracker.debian.org/xmlsec1
Post by Paul Wise
Post by Moritz Muehlenhoff
But showing them as ignored is wrong and misleading.
What wording to replace the current template would you suggest?
'nodsa': '<a href="{url}">{count} ignored security {issue}</a> in {release}',
'nodsa': '<a href="{url}">{count} unimportant security {issue}</a> in {release}',
"unimportant" has its own meaning in the security tracker too, so it's not
really appropriate.

Maybe "non-critical" or "non-urgent"?

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Paul Wise
2017-07-18 02:20:01 UTC
Post by Raphael Hertzog
Maybe "non-critical" or "non-urgent"?
I think I would go with non-urgent.

Perhaps it should also mention point releases?
--
bye,
pabs

https://wiki.debian.org/PaulWise
Moritz Mühlenhoff
2017-07-18 06:30:02 UTC
Post by Paul Wise
Post by Raphael Hertzog
Maybe "non-critical" or "non-urgent"?
I think I would go with non-urgent.
Perhaps it should also mention point releases?
Yeah, it should point to the general process. I'll draft a short
text for this during the next weeks.

Cheers,
Moritz
