Jonathan Wiltshire, 2012-01-16 17:01+0100: > It is only a small thing but I did not realise DEP-3 was still a > candidate or I would have spoken earlier. A CVE field, mandatory if a > CVE has been published for this patch and is the major component of this > patch, would allow easy tracing of patches back to CVE publications > later (for review perhaps, or by other distributions).
Then it would be better to make it independant from CVE, since they are not the only security vulnerability database. -- ,--. : /` ) Tanguy Ortolo <xmpp:tan...@ortolo.eu> <irc://irc.oftc.net/Tanguy> | `-' Debian Developer \_ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jf1k4a$27a$1...@dough.gmane.org
