Unhelpful update descriptions
Rahul Sundaram
metherid at gmail.com
Thu Mar 14 21:02:21 UTC 2013
On 03/14/2013 04:33 PM, Przemek Klosowski wrote:
>
> I didn't realize that my method was 'relying on the kindness of
> strangers' for including the relevant CVE data in the changelog, but
> it often gives a quick, direct answer for the specific system you're
> on. If this was accidental rather than a policy, it'd make sense to
> codify and preserve the practice of including such security patch
> status in RPM changelogs, particularly when they are backported but in
> general case as well.
When patches are backported, typically the changelog would cover the
reason for doing so but not necessarily when a new update fixes a bunch
of issues and security issue happens to be one of them. In some cases,
there is no CVE id assigned for the problem either but if you want to
request that packaging guidelines recommend this in the general case,
file it at
https://fedorahosted.org/fpc/
Rahul
More information about the devel
mailing list