Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > linux.debian.security > #6384

Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.security
Subject Re: security-tracker: A proposal to significantly reduce reported false-positives (no affected-code shipped)
Date 2024-12-01 15:10 +0100
Message-ID <JOSO5-d0iA-7@gated-at.bofh.it> (permalink)
References <JNzXb-c5Oi-3@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

Hi Samuel,

On Wed, Nov 27, 2024 at 11:28:50PM +0000, Samuel Henrique wrote:
> Hello Salvatore,
> 
> On Sat, 2 Nov 2024 at 20:02, Samuel Henrique <samueloph@debian.org> wrote:
> > On Tue, 29 Oct 2024 at 19:43, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > > As mentioned in an earlier message: What I would love to see is to
> > > actually have a substate which makes the situation clear, and still
> > > beeing technically correct. I was envisioning something which would be
> > > a substate like we have for the substate of no-dsa (ignored,
> > > postponed).
> >
> > This sounds like the solution proposal A2, quoting it:
> > > ## A2) Add a new mutually exclusive state to the set:
> > "not-affected-build-artifacts"
> >
> > Would this be aligned to what you're looking for?
> 
> Could you check if the suggestion above addresses your concern?

Not yet, but I will try to schedule a bit of time in the next weeks
for security-tracker stuff and have a look at this.

Regards,
Salvatore

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Samuel Henrique <samueloph@debian.org> - 2024-11-28 00:50 +0100
  Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Salvatore Bonaccorso <carnil@debian.org> - 2024-12-01 15:10 +0100
    Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Samuel Henrique <samueloph@debian.org> - 2025-03-02 21:50 +0100
      Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Samuel Henrique <samueloph@debian.org> - 2025-04-13 17:30 +0200
        Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Salvatore Bonaccorso <carnil@debian.org> - 2025-04-13 17:40 +0200
      Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Samuel Henrique <samueloph@debian.org> - 2025-04-13 18:10 +0200
        Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Salvatore Bonaccorso <carnil@debian.org> - 2025-05-01 11:30 +0200
          Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Samuel Henrique <samueloph@debian.org> - 2025-05-10 21:40 +0200
            Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Santiago Ruano Rincón <santiagorr@riseup.net> - 2025-05-16 20:30 +0200
              Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Salvatore Bonaccorso <carnil@debian.org> - 2025-05-18 18:50 +0200
                Re: security-tracker: A proposal to significantly reduce reported  false-positives (no affected-code shipped) Roberto C. Sánchez <roberto@debian.org> - 2025-06-03 23:30 +0200

csiph-web