Re: Should we be alarmed at our state of security support?
On Fri, Feb 20, 2015 at 12:40 AM, John Goerzen wrote:
> Right now, the security tracker has, apparently, three status for each
> version of Debian:
>
> not vulnerable
> vulnerable
> fixed
>
> What if we add a fourth:
>
> not worth fixing
>
> This could more clearly communicate what is being said by the "no DSA"
> comments, as well as allow debsecan to be improved with this sort of
> information. What do you think?
"no DSA" means "will probably not be fixed via security.debian.org" or
"will only be fixed via a point release by the maintainer or anyone
who cares", not "not worth fixing".
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: