Lack of update information
Robert Scheck
robert at fedoraproject.org
Mon Jan 26 20:01:37 UTC 2009
On Mon, 26 Jan 2009, Richard Hughes wrote:
> Some people don't even put that into Bohdi. I think that some update
> text and CVE's should be mandatory and bugzillas should be recommended.
It doesn't make sense to make CVEs mandatory. For packages like phpMyAdmin
and ClamAV security issues the CVEs are often created after the update
happened, so the only thing, I can do there, when preparing the update is
to add the Red Hat Bugzilla ID.
Making CVE mandatory for a bugfix-only or for an enhancement update also
doesn't make any sense.
Greetings,
Robert
More information about the fedora-devel-list
mailing list