On Mon, 26 Jan 2009, Richard Hughes wrote: > Some people don't even put that into Bohdi. I think that some update > text and CVE's should be mandatory and bugzillas should be recommended. It doesn't make sense to make CVEs mandatory. For packages like phpMyAdmin and ClamAV security issues the CVEs are often created after the update happened, so the only thing, I can do there, when preparing the update is to add the Red Hat Bugzilla ID. Making CVE mandatory for a bugfix-only or for an enhancement update also doesn't make any sense. Greetings, Robert -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
