[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Patch Tagging Guidelines: DEP-3 moved to ACCEPTED status

On 16/01/12 16:01, Jonathan Wiltshire wrote:
A CVE field, mandatory if a
CVE has been published for this patch and is the major component of this
patch, would allow easy tracing of patches back to CVE publications
later (for review perhaps, or by other distributions).

I wonder whether CVE IDs are close enough to being a (limited-scope) bug tracking system to treat them as such, analogous to Bug-Debian, Bug-Fedora etc.; I've previously used "Bug-CVE: CVE-2011-xxxx" in ioquake3, although I haven't been completely consistent about that.

(Also, a Bug-* line would ideally have a URI - is there a canonical URI corresponding to each CVE ID, preferably one that doesn't still just say "RESERVED" long after the embargo date?)


Reply to: