Bug#528281: closed by Nico Golde <nion at debian.org> (Re: Bug#528281: gnutls26: CVE-2009-1417 certificate expiration vulnerability)

Adam D. Barratt adam at adam-barratt.org.uk
Fri May 15 21:52:55 UTC 2009


On Fri, 2009-05-15 at 15:02 -0400, Michael S. Gilbert wrote:
> On Fri, 15 May 2009 20:50:47 +0200, Nico Golde wrote:
> > Hi,
> > * Michael S. Gilbert <michael.s.gilbert at gmail.com> [2009-05-15 19:45]:
> > > On Tue, 12 May 2009 00:03:05 +0000, Debian Bug Tracking System wrote:
> > > > This is an automatic notification regarding your Bug report
> > > > which was filed against the gnutls26 package:
> > > > 
> > > > #528281: gnutls26: CVE-2009-1417 certificate expiration vulnerability
> > > 
> > > does it make sense to close this bug since etch/lenny are still
> > > vulnerable?  from my perspective, it is better to keep the bug open so
> > > that it stays on the maintainer's radar.
> > 
> > You are aware of the fact that our BTS knows about versions?
> 
> yes, but closing the bug moves it down to the resolved section of the
> bug pages, which makes it much more likely to be mistakenly overlooked.

In the default BTS view, yes; but that default view reflects the current
state of the package in unstable.  If bugs that need fixing in
{old,}stable are getting overlooked, then that's something we need to
address.  Not correctly marking the bug as fixed in unstable is not the
way to do so.

Regards,

Adam





More information about the Pkg-gnutls-maint mailing list