On Sun, 2008-02-24 at 14:09 -0700, Jake Edge wrote:
Lubomir Kundrak wrote:
> https://fedorahosted.org/fedora-infrastructure/ticket/392#comment:2
> We're eager to hear your comments.
I think my questions were answered. I like what I see in the template
for security reports and the fact that y'all are giving them some
attention at the moment. I definitely agree that changelogs are only
interesting if they reflect the changes in the package for that release
(unlike they sometimes have in the past).
If it is 'easy', it would be helpful to update readers to have the CVE
references be links to CVE or NVD rather than just link to the redhat
bugzilla ...
Our decision was not to, because:
1.) Sometimes we get the CVE name after we ship the update, and unlike
the update mails, we can easily update bugzilla.
2.) In most cases our bugzilla contains a verbatim copy of the CVE text,
and in all cases it has links to CVE, NVD and an alias that is equal to the
CVE name. Our bugzilla even substitutes the CVE names with links to CVE.
Regards,
--
Lubomir Kundrak (Red Hat Security Response Team)