On Thursday 11 May 2006 15:15, Ville Skyttä wrote:
Best practice question:
Assuming a security issue in package foo which is shipped and vulnerable
in many distro versions, do people find it better to file one
copy-pasted bug report per distro version or a "combined" one for all
which lists the affected distro versions?
The one-for-all approach would have the benefit of easier copy-pasting
between audit/* files and probably more accurate Bugzilla references in
maintainer %changelog entries as the same specfile is used for all
distro versions in the vast majority of cases. It could make things
slightly harder to track, eg. in Bugzilla queries and such.
I would think one
bugzilla entry for all. If you did one for each you could
be dealing with 5 bug reports.
--
Regards
Dennis Gilmore, RHCE
Proud Australian