On Wed, Sep 17, 2014 at 09:10:39AM +0000, Thijs Kinkhorst wrote:
> Package: security-tracker
> Severity: wishlist
>
> Hi,
>
> In the overview per-package, the tracker currently shows for each CVE
> name about seven columns: squeeze, squeeze-security, squeeze-lts, wheezy,
> wheezy-security, jessie, sid.
>
> I think for the overviews it would be preferable if the table just shows the
> status for each release ('squeeze', 'wheezy' (or maybe even
> 'oldstable','stable')) etc overall, that is, 'wheezy' will show fixed if an
> issue is fixed in wheezy-security. I believe that this represents best how
> people think about an issue being fixed.
>
> For an individual CVE page, I think the same would go for the overview on the
> top (this currently shows only "Debian/stable" for all wheezy suites but
> confusingly shows "vulnerable" if it's fixed in wheezy-security).
>
> The detailed info about the exact suites can remain to be found in the table
> under "Vulnerable and fixed packages" on the CVE page.
Full ack. This is especially bad for Squeeze, which no longer has point
update, so e.g. https://security-tracker.debian.org/tracker/source-package/php5
shows many issues which are marked as open because they "only fixed in
squeeze-lts".
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
