[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Lack of update information



On Mon, 26 Jan 2009, Richard Hughes wrote:
> Some people don't even put that into Bohdi. I think that some update
> text and CVE's should be mandatory and bugzillas should be recommended.

It doesn't make sense to make CVEs mandatory. For packages like phpMyAdmin
and ClamAV security issues the CVEs are often created after the update
happened, so the only thing, I can do there, when preparing the update is
to add the Red Hat Bugzilla ID.

Making CVE mandatory for a bugfix-only or for an enhancement update also
doesn't make any sense.


Greetings,
  Robert


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]