Date: Tue, 5 Mar 2013 14:30:39 +0100 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE id request: busybox Hi Kurt, On 4 March 2013 03:26, Kurt Seifried <kseifried@...hat.com> wrote: [...] > I didn't say I;'m excluding them. I simply will require an original > source, in this case the year is probably wrong. Not bikeshedding here, but sometimes those bug reports *are* the original source. And with all due respect, it has happened before that you've asked for an "original source" (upstream commit or bug report) when there exists none. All it has lead is to the CVE request becoming stalled or even abandoned. What can we do about it? We already have a quite long list of issues without a CVE id and this is not good for anybody: https://security-tracker.debian.org/tracker/data/fake-names (nb. some of the issues in the list might already have an id but the temporary entry hasn't been removed or it was decided that no id should be assigned) Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ