On Fri, Jan 20, 2023 at 3:48 PM Richard Shaw <hobbes1069@xxxxxxxxx> wrote: > I think in practical terms that makes sense but our tools don't really help. I agree, and that seems to be an artifact of the single Fedora component in RHBZ, which treats Fedora as one thing. I supposed (in theory again) that there could be a master bugzilla for the CVE which depends on child bugzillas for each impacted Fedora release, and would get (auto) closed only when all the child bugzillas are resolved (either by updates or the Fedora release aging out). Alternatively, an entirely different bugzilla for each Fedora release (but as Fedora is just a single component, unlike each RHEL which has different components for each version, I don't think that works). > So I guess what I'm asking is if there is a specific policy around this? If not, should there be? I think there should be at least an agreed upon best practice, which needs to be explicitly documented somewhere (maybe it is, but I don't recall seeing it, so I am not following it). So, as with much of Fedora, we fall back to depending on (usually volunteer) packagers to do the right thing (which works out well most of the time because packagers such as yourself are contentious about doing the right thing). _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
