On 2012-01-16 15:02, Stefano Zacchiroli wrote:
Does anyone have further comments about DEP-3? If so, please statethem. Otherwise, let's forget about the process details (no matter if they could have been better or not) and rejoice for a nice standard wayof adding useful metadata to patches in the Debian archive.
It is only a small thing but I did not realise DEP-3 was still a candidate or I would have spoken earlier. A CVE field, mandatory if a CVE has been published for this patch and is the major component of this patch, would allow easy tracing of patches back to CVE publications later (for review perhaps, or by other distributions).
Such a field should probably be comma-separated if more than one CVE identifier is relevant to the patch.
-- Jonathan Wiltshire jmw@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51