[sorry for crossposting, but this is relevant to both ML, please cc] Hi, while searching bugtraq for not-yet-fixed security bugs, I found out that there is no reliable way (apart from testing yourself) if a package has been patched for a specific security advisory. It would be fine to include as best practice for maintainers fixing security bugs to include something (Fixes: <CAN-ID-or-something>) in the changelog so it is easy to track such changes. regards, filippo
Attachment:
signature.asc
Description: Digital signature