Unhelpful update descriptions
Przemek Klosowski
przemek.klosowski at nist.gov
Fri Mar 15 13:52:38 UTC 2013
On 03/14/2013 05:02 PM, Rahul Sundaram wrote:
> On 03/14/2013 04:33 PM, Przemek Klosowski wrote:
>>
>> I didn't realize that my method was 'relying on the kindness of
>> strangers' for including the relevant CVE data in the changelog, but
>> it often gives a quick, direct answer for the specific system you're
>> on. If this was accidental rather than a policy, it'd make sense to
>> codify and preserve the practice of including such security patch
>> status in RPM changelogs, particularly when they are backported but in
>> general case as well.
>
> When patches are backported, typically the changelog would cover the
> reason for doing so but not necessarily when a new update fixes a bunch
> of issues and security issue happens to be one of them. In some cases,
> there is no CVE id assigned for the problem either but if you want to
> request that packaging guidelines recommend this in the general case,
> file it at
>
> https://fedorahosted.org/fpc/
>
OK, let's see whether others like it too:
https://fedorahosted.org/fpc/ticket/267
More information about the devel
mailing list