>
> In Legacy we use the bugzilla number as the update ID. I'm not entirely
> sure how Fedora does it. I think it may come from the update tool, and
> if/when we move the update tool to be external and work for all Fedora
> stuff then it would be easy to have uniques.
>
I was thinking about this just the other day. There are two things that
could work I think. The first is to use the bugzilla ID. This has the
advantage of being unique and easy, but has the disadvantage of being a
seemingly random number.
The second idea is how we did Core updates long long ago (well sort of).
We put a file in our cvs repository that looks a bit like this
2006-001
2006-002
2006-003
<see if you can figure out what's next>
We then take one
2006-001 some package
and commit the file. It's important we remember to commit the file lest
someone else steal it. It prevents concurrency issues as only one person
can commit at a time.
Ideally I think it would be best to have a directory layout as such
advisories/
ids
text/
2006-001
We could then write a script that we run with a package name. It then
modifies the ids file, adds a new skeleton file in text/ then runs
cvs commit -m 'Create errata 2006-001'
Once we're happy with the errata text (multiple people can read/modify it),
we run another command that magically mails it to the list in question, and
makes a note in the ids file that it's been "pushed" along with the date.
This would allow us to work on advisories before the packages are ready.
We could also then generate a sort of advisory index page for the project
so when we find some web space somewhere, publishing our advisories is
trivial.
If we ensure we note the bugs fixed in our errata it will also be possible
to close the bugs automagically via our script.
Thoughts?
--
JB
