On Thu, Sep 08, 2022 at 01:06:17AM +0200, Kevin Kofler via devel wrote:
> Maxwell G via devel wrote:
> > I don't think Fedora packagers should be CCed on these global trackers.
>
> The problem is that, as it stands, those global trackers are the only place
> that actually explains (usually in one paragraph) what the security issue
> actually is. The [fedora-all] trackers are pretty useless considering that
> they contain no information whatsoever beyond the subject line. (Their only
> relevant content is the state, mainly whether they are open or closed.)

[fedora-all] bugs link to the vulnerability tracker with Bugzilla
dependencies. For me it's pretty obvious where to find the details. If it's
not obvious for others, then an additional sentence in the [fedora-all]
description text ("More details about this vulnerability are in bug #NNN")
could help.
-- Petr