On Thursday 11 May 2006 15:15, Ville Skyttä wrote:
> Best practice question:
>
> Assuming a security issue in package foo which is shipped and vulnerable
> in many distro versions, do people find it better to file one
> copy-pasted bug report per distro version or a "combined" one for all
> which lists the affected distro versions?
>
> The one-for-all approach would have the benefit of easier copy-pasting
> between audit/* files and probably more accurate Bugzilla references in
> maintainer %changelog entries as the same specfile is used for all
> distro versions in the vast majority of cases. It could make things
> slightly harder to track, eg. in Bugzilla queries and such.
I would think one bugzilla entry for all. If you did one for each you could
be dealing with 5 bug reports.
I ack this. Things can quickly get out of hand. To beat my favorite dead
horse, mozilla, you have 4 products, across 5 distributions = 20 bugs.
--
JB