On Thu, 01 Dec 2016, Ben Hutchings wrote:
> Would it make sense to add a Bug header field to patches, e.g.:
> Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-XXXX-YYYY
> or:
> Bug-Debian-Security:
> https://security-tracker.debian.org/tracker/CVE-XXXX-YYYY
> ?

I don't have any strong opinion on the way you add the CVE number to the
patch description. Using Bug-CVE and/or Bug-Debian-Security looks
perfectly reasonable, yes.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/