On Sun, 2008-02-24 at 14:09 -0700, Jake Edge wrote: > Lubomir Kundrak wrote: > > > https://fedorahosted.org/fedora-infrastructure/ticket/392#comment:2 > > We're eager to hear your comments. > > I think my questions were answered. I like what I see in the template > for security reports and the fact that y'all are giving them some > attention at the moment. I definitely agree that changelogs are only > interesting if they reflect the changes in the package for that release > (unlike they sometimes have in the past). > > If it is 'easy', it would be helpful to update readers to have the CVE > references be links to CVE or NVD rather than just link to the redhat > bugzilla ... Our decision was not to, because: 1.) Sometimes we get the CVE name after we ship the update, and unlike the update mails, we can easily update bugzilla. 2.) In most cases our bugzilla contains verbatim copy of the CVE text, and in all cases it has links to CVE, NVD and alias that is equal to the CVE name. Our bugzilla even substitutes the CVE names with links to CVE. Regards, -- Lubomir Kundrak (Red Hat Security Response Team) -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
