whole pile o' updates

Lubomir Kundrak lkundrak at redhat.com
Mon Feb 25 13:48:26 UTC 2008


On Sun, 2008-02-24 at 14:09 -0700, Jake Edge wrote:
> Lubomir Kundrak wrote:
> 
> > https://fedorahosted.org/fedora-infrastructure/ticket/392#comment:2
> > We're eager to hear your comments.
> 
> I think my questions were answered.  I like what I see in the template 
> for security reports and the fact that y'all are giving them some 
> attention at the moment.  I definitely agree that changelogs are only 
> interesting if they reflect the changes in the package for that release 
> (unlike they sometimes have in the past).
> 
> If it is 'easy', it would be helpful to update readers to have the CVE 
> references be links to CVE or NVD rather than just link to the redhat 
> bugzilla ...

Our decision was not to, because:

1.) Sometimes we get the CVE name after we ship the update, and unlike
the update mails, we can easily update bugzilla.

2.) In most cases our bugzilla contains a verbatim copy of the CVE text,
and in all cases it has links to CVE, NVD and an alias that is equal to the
CVE name. Our bugzilla even substitutes the CVE names with links to CVE.

Regards,
-- 
Lubomir Kundrak (Red Hat Security Response Team)



