[Secure-testing-commits] r11628 - data/CVE
Michael S. Gilbert
michael.s.gilbert at gmail.com
Fri Apr 17 03:21:41 UTC 2009
On Thu, 16 Apr 2009 19:36:04 +0200 Thijs Kinkhorst wrote:
> Hi Michael
>
> On tongersdei 16 April 2009, Michael S. Gilbert wrote:
> > was it desirable to remove the DSA tags from the temporarily named
> > clamav issues in this commit?
>
> Desirable perhaps not, but it is how the current implementation works:
> data/DSA/list is used as the canonical list of DSA's that have been released,
> and these are mapped to their data/CVE/list counterparts. Because these
> issues have no CVE names assigned yet, we have nothing to cross reference
> them from data/DSA/list.
>
> I'm not sure how a better implementation would look like, since I would like
> to keep the feature that data/DSA/list lists the DSA's, and that removing CVE
> from a listing in that file will have it removed from data/CVE/list
> automatically.
wouldn't it just be a matter of (python pseudocode):
if cve_number.endswith( 'XXXX' ):
no DSA stripping logic
else:
DSA stripping logic
More information about the Secure-testing-commits
mailing list