Good communication with upstream is good idea
Stephan Hermann
sh at sourcecode.de
Tue Jul 22 11:06:08 BST 2008
On Mon, 21 Jul 2008 21:59:37 +0200
Florian Weimer <fw at deneb.enyo.de> wrote:
> * Stephan Hermann:
>
> >> What's the correct way to get it out of Unbuntu (universe)? I
> >> don't want to relicense it, but if asking politely does not work,
> >> it seems to be my only choice.
>
> > What needs to be done to make it work on Ubuntu, too?
>
> debsecan needs to be patched to download CVE meta-data from Launchpad,
> and someone needs to maintain the data in Launchpad.
>
So, we need somehow the CVE data from LP or from a source which is
being trusted by Ubuntu...
A relation between open CVEs in Ubuntu packages and closed CVEs in
ubuntu-security packages...
I don't know how far the LP guys are in giving out this data, but I
know that we have the CVE tracker of Ubuntu (kees, jd, emgent
please jump in and fill in any gaps ;)) and we could use this data,
right?
Now I need to find the time to check the source in general, and how
difficult it will to patch it to our needs...and to make Florian
happy :)
\sh
More information about the Ubuntu-motu
mailing list