On Tue, 02 Jul 2019 10:34:15 +0200, Richard Brown wrote:
On Tue, 2 Jul 2019 at 08:29, Takashi Iwai <tiwai@suse.de> wrote:
Unfortunately as I stated somewhere else, at the moment in terms of security / bug fixes this isn't complete enough, there needs to be a mapping from patch name to bug number in the .changes file and this is somewhat harder to automate.
Hmm.. how it can be different? This is about *.changes, not about patchinfo. I don't understand why the automatic tracking of patch files can be worse.
It really sounds as if you mandate the submission of a hand-written tax declaration at each time -- even if the whole transactions have been tracked online -- just because the tax officer prefers reading the printed papers :)
Simon is talking about the fact that in addition to the patch itself, the motivation for the patch (such as the CVE#/BOO#/BSC# etc) needs to be tracked also. https://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Patch_markup_....
And as smart as any automated tool could be, I'm pretty sure it's not going to be able to read the mind of the contributors to know which bug/security ID was the motivation for adding a patch.
That's a different problem. You must put some bugzilla or CVE reference to the changelog, yes. That's mandatory. However, the mapping between the patch file and the bugzilla/CVE doesn't have to rely on the changelog. Even from the current OBS, you can deduce the changelog entry revision ID as well as the revision ID of patch changes. That is, if the changelog entry contains a bug/CVE reference, this mapping can be obtained automatically from OBS, too. thanks, Takashi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org