[sorry for crossposting, but this is relevant to both ML, please cc]

Hi,
while searching bugtraq for not-yet-fixed security bugs, I found out that there
is no reliable way (apart from testing yourself) if a package has been patched
for a specific security advisory.
It would be fine to include as best practice for maintainers fixing security
bugs to include something (Fixes: <CAN-ID-or-something>) in the changelog so it
is easy to track such changes.

regards,
filippo

Attachment: signature.asc
Description: Digital signature

Reply via email to