> On Thursday 11 May 2006 15:15, Ville Skyttä wrote:
> > Best practice question:
> >
> > Assuming a security issue in package foo which is shipped and vulnerable
> > in many distro versions, do people find it better to file one
> > copy-pasted bug report per distro version or a "combined" one for all
> > which lists the affected distro versions?
> >
> > The one-for-all approach would have the benefit of easier copy-pasting
> > between audit/* files and probably more accurate Bugzilla references in
> > maintainer %changelog entries as the same specfile is used for all
> > distro versions in the vast majority of cases. It could make things
> > slightly harder to track, eg. in Bugzilla queries and such.
> I would think one bugzilla entry for all. If you did one for each you could
> be dealing with 5 bug reports.
I ack this. Things can quickly get out of hand. To beat my favorite dead
horse, mozilla, you have 4 products, across 5 distributions = 20 bugs.
--
JB
