Hi!

Tonnerre Lombard wrote:
> Salut, Adam,
>
> On Wed, 17 Sep 2008 13:16:42 +0200, Adam Hoka wrote:
> > "Should we try to monitor package additions as well,
> > looking for potentially hazardous packages and re-opening old tickets
> > in question?"
>
> Thing is, this puts an additional burden on us. For every package added
> to pkgsrc, we have to search our database for entries matching the
> package name, and if there's a match, test if it still applies, and if
> so, we go to the normal procedure.

Expect my help in the (unfortunately not near because of EBUSY) future.

> > And how does it make the tool more effective? :)
>
> Efficiency is a different beast. The problem is more that we shouldn't
> grant arbitrary people to the database of unresolved security problems,
> of course, with all details about them. It's quite normal that this
> database is not public.
>
> Of course this complicates things, but I'm sure you see the reason
> behind it.

Ah, I think we have misunderstood each other. I meant a tool to collect
possible CVE-s for existing and new packages.

-- 
Adam