Re: Patch Tagging Guidelines: DEP-3 moved to ACCEPTED status
On 2012-01-16 15:02, Stefano Zacchiroli wrote:
Does anyone have further comments about DEP-3? If so, please state
them. Otherwise, let's forget about the process details (no matter
they could have been better or not) and rejoice for a nice standard
of adding useful metadata to patches in the Debian archive.
It is only a small thing but I did not realise DEP-3 was still a
candidate or I would have spoken earlier. A CVE field, mandatory if a
CVE has been published for this patch and is the major component of this
patch, would allow easy tracing of patches back to CVE publications
later (for review perhaps, or by other distributions).
Such a field should probably be comma-separated if more than one CVE
identifier is relevant to the patch.
Jonathan Wiltshire firstname.lastname@example.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51