One Bugzilla report per distro version or one for all?

Ville Skyttä ville.skytta at iki.fi
Thu May 11 20:15:56 UTC 2006


Best practice question:

Assuming a security issue in package foo which is shipped and vulnerable
in many distro versions, do people find it better to file one
copy-pasted bug report per distro version or a "combined" one for all
which lists the affected distro versions?

The one-for-all approach would have the benefit of easier copy-pasting
between audit/* files and probably more accurate Bugzilla references in
maintainer %changelog entries as the same specfile is used for all
distro versions in the vast majority of cases.  It could make things
slightly harder to track, e.g. in Bugzilla queries and such.



