On Tue, 24 May 2011, Michael Scherer wrote:
I would keep this as an update after the release is out (like the 4
ruby CVEs, the libzip one (CVE-2011-0421)) and others that came out since
yesterday.
So maybe we could open bugs for this?
There are 2 proposals:
- filing them on security, and have a saved search
What do you mean by that, a security product?
- creating a tracker bug
I would be in favor of the tracker bug:
- you can subscribe to it
- it will be clearer (as bugfixes are not security so we may miss some
update to do)
- it doesn't pollute the list of saved search
But as Pascal said, a tracker bug requires each bug to be linked to
it, which is manual and error prone.
I don't know much about Bugzilla, but:
- Add a keyword 'security' to all security bugs.
(also manual and error prone?)
- Set target to 'Mageia 1' for all bugs about stable updates.
Bugs about backports are not allowed to be targeted at a stable
release, we can add additional backports targets if needed.
Having a saved search that can easily be found doesn't sound like a bad
idea. A tracker bug won't be closed even if all dependencies are resolved,
is that a good way to use tracker bugs?
Christiaan