Jonathan Wiltshire, 2012-01-16 17:01+0100: > It is only a small thing but I did not realise DEP-3 was still a > candidate or I would have spoken earlier. A CVE field, mandatory if a > CVE has been published for this patch and is the major component of this > patch, would allow easy tracing of patches back to CVE publications > later (for review perhaps, or by other distributions).
Then it would be better to make it independant from CVE, since they are not the only security vulnerability database. -- ,--. : /` ) Tanguy Ortolo <xmpp:[email protected]> <irc://irc.oftc.net/Tanguy> | `-' Debian Developer \_ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
