On Tue, Jan 17, 2012 at 4:19 PM, Stefan Fritsch <[email protected]> wrote: > On Tuesday 17 January 2012, William A. Rowe Jr. wrote: >> I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It >> seems more efficient to set these up as patches/CVE-yyyy-iiii/ >> with individual files for actively (or semi-actively) maintained >> versions. If there is one patch which applies to 2.2.n < 2.2.17, >> and a second patch for 2.2.17 and higher, it would be easier to >> differentiate these all within one directory. > > Sometimes there may be two or more separate CVEs that are fixed by a > single patch. How would you map that to patches/CVE-yyyy-iiii/ ? Copy > the patch? Add a README file to CVE-foo dir that the fix is included > in the patch for CVE-bar?
include both CVEs in the pathname > > Apart from that, I don't prefer one structure over the other. -- Born in Roswell... married an alien...
