Hi,

On Tue, Jun 25, 2013 at 11:38 AM, Marc Haber <mh+debian-de...@zugschlus.de> wrote:
> Will you also check Debian unstable? It is much easier to have a
> package in unstable fixed, and I suspect that not every crash you find
> will be a security relevant one.

We actually already did :) We re-ran all the crashes on Debian unstable. This means that all the crashes we are going to report have been confirmed on the latest packages from Debian unstable.

> Additionally, I guess that the vast majority of crashes you have found
> will be upstream bugs which the Debian maintainer would have to
> forward upstream. Will you take efforts to report these bugs to
> upstream as well?

Yes. Bugs will be reported upstream first. After two weeks, we will re-run the crashes on the latest packages from Debian unstable. Hopefully, the upstream developers will have had time to update packages with a fix. If the crash still exists, then we will go ahead and submit a report to the Debian BTS.

> Will you check distributions other than Debian, and how will you make
> sure that the upstreams are not swamped with identical bug reports from
> each of their downstream distributions?

We might check distributions other than Debian in the near future, and, as you pointed out, we need to be careful not to report duplicate bugs. Avoiding duplicate reports has been one of our main goals. That is why we are reporting only one bug per binary, and at most 5 crashes per package.

We are still thinking about how to minimize duplicate reports across distributions. One idea would be to limit the number of "open" bug reports to 1 per upstream. When the bug is marked as fixed, we analyze the patched binary with Mayhem, and potentially report a new bug if a crash is found.

Thanks,
The Mayhem Team
Cylab, Carnegie Mellon University