On 03/14/2013 05:02 PM, Rahul Sundaram wrote:
On 03/14/2013 04:33 PM, Przemek Klosowski wrote:
I didn't realize that my method was 'relying on the kindness of
strangers' for including the relevant CVE data in the changelog, but
it often gives a quick, direct answer for the specific system you're
on. If this was accidental rather than a policy, it'd make sense to
codify and preserve the practice of including such security patch
status in RPM changelogs, particularly when they are backported but in
general case as well.
When patches are backported, typically the changelog would cover the
reason for doing so but not necessarily when a new update fixes a bunch
of issues and security issue happens to be one of them. In some cases,
there is no CVE id assigned for the problem either but if you want to
request that packaging guidelines recommend this in the general case,
file it at
https://fedorahosted.org/fpc/
OK, let's see whether others like it too:
https://fedorahosted.org/fpc/ticket/267
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
