Ubuntu CVE Tracker

Merge ~aburrage/ubuntu-cve-tracker:ignored-status-update into ubuntu-cve-tracker:master

Proposed by Alex Burrage on 2022-01-27

Status:	Merged
Approved by:	Alex Burrage on 2022-03-23
Approved revision:	70cec829c94a09354517625be61252f8f5a7bef5
Merged at revision:	70cec829c94a09354517625be61252f8f5a7bef5
Proposed branch:	~aburrage/ubuntu-cve-tracker:ignored-status-update
Merge into:	ubuntu-cve-tracker:master
Diff against target:	28 lines (+12/-5) 1 file modified README (+12/-5)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Alex Murray	2022-01-27	Approve on 2022-02-01
Marc Deslauriers	2022-01-27	Pending
Shaun Murphy	2022-01-27	Pending
Steve Beattie	2022-01-27	Pending
Review via email: mp+414690@code.launchpad.net

Change to the policy for recording ignored status in user consumable form

Revision history for this message

Seth Arnold (seth-arnold) on 2022-01-27:

Revision history for this message

Alex Murray (alexmurray) wrote on 2022-02-01:

LGTM!

review: Approve

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

People subscribed via source and target branches

to all changes:

 diff --git a/README b/README
 index f592f15..6e00f3a 100644
 --- a/README
 +++ b/README
@@ -319,11 +319,18 @@ For a given CVE, the package and release with status is encoded as:
  		field.	(Notes are valid.)
    ignored	This package (for the given release), while related to the
--		CVE in some way, is being ignored for some reason.  The
--		"notes" should detail why.  This is generally used when
--		a given CVE's priority is "negligible", and a firm
--		determination has been made to not fix a given release.
--
++		CVE in some way, is being ignored for some reason. This could
++		be because the package is no longer supported, or the CVE
++		has been withdrawn, or because fixing the issue would break
++		other functionality.
++		The reason for decision should be recorded in brackets, e.g.:
++		ignored (out of standard support)
++		ignored (fix would unavoidably negatively impact other
++			packages)
++		ignored (vulnerabilty has been disputed by upstream
++			maintainers)
++		The "notes" section may give more detail and external links.
++
    pending	This package (for the given release) is vulnerable, and
  		an update is pending, usually waiting for upload or
  		publication.  The "version" should be the version containing