V Thu, Sep 08, 2022 at 01:06:17AM +0200, Kevin Kofler via devel napsal(a):
> Maxwell G via devel wrote:
> > I don't think Fedora packagers should be CCed on these global trackers.
>
> The problem is that, as it stands, those global trackers are the only place
> that actually explains (usually in one paragraph) what the security issue
> actually is. The [fedora-all] trackers are pretty useless considering that
> they contain no information whatsoever beyond the subject line. (Their only
> relevant content is the state, mainly whether they are open or closed.)
>
[fedora-all] bugs links to the vulnerability tracker with Bugzilla
dependencies. For me it's pretty obvious where to find the details. If it's
not for obvious for others, then an additional sentence in the [fedora-all]
description text ("More details about this vulnerability are in bug #NNN")
could help.
-- Petr
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
