Mailinglist Archive: opensuse-factory (443 mails)

< Previous Next >
Re: [opensuse-factory] Re: please someone help with SR#711379
On Tue, 2 Jul 2019 at 08:29, Takashi Iwai <tiwai@xxxxxxx> wrote:

Unfortunately as I stated somewhere else, at the moment in terms of
security / bug fixes this isn't complete enough, there needs to be a
mapping from patch name to bug number in the .changes file and this is
somewhat harder to automate.

Hmm.. how it can be different? This is about *.changes, not about
patchinfo. I don't understand why the automatic tracking of patch
files can be worse.

It really sounds as if you mandate the submission of a hand-written
tax declaration at each time -- even if the whole transactions have
been tracked online -- just because the tax officer prefers reading
the printed papers :)

Simon is talking about the fact that in addition to the patch itself,
the motivation for the patch (such as the CVE#/BOO#/BSC# etc) needs to
be tracked also.
https://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Patch_markup_.28also_called_.22Tagging_patches.22.29

And as smart as any automated tool could be, I'm pretty sure it's not
going to be able to read the mind of the contributors to know which
bug/security ID was the motivation for adding a patch.
Automatically handling the removal of the patch should be relatively
easier though - assuming the ID is already present the tooling could
actually look up the Bug ID and confirm whether or not the bug is
closed before allowing the removal of the patch from the specfile -
and that could be a nice improvement that'll stop tons of fixed bugs
being left open when maintainers forget to close them ;)
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >