Re: RFC - ImageMagick, proper testing, and handling issues without a CVE ID



On 2016-12-01 10:34:20, Raphael Hertzog wrote:
> On Tue, 29 Nov 2016, Antoine Beaupré wrote:
>> I wonder if we should standardize something about this.
>> 
>> I usually name security patches with the following scheme:
>> debian/patches/CVE-XXXX-YYYY(-commithash)?.patch
>
> I use CVE-XXXX-YYYY(-patchnumber)?.patch as some issues require multiple
> patches to be fixed. But I do not embed the commit hash, it's already
> present in the meta-data and does not provide anything useful.

True. It also breaks down if you have to modify the patch, which is
often. I guess it's the framework I used in charybdis to factor in
upstream patches that did *not* require modification.. :)

a.
-- 
Government is the Entertainment division of the military-industrial
complex.
                        - Frank Zappa
