On 1/17/2012 1:56 PM, Eric Covener wrote: >> I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It seems >> more efficient to set these up as patches/CVE-yyyy-iiii/ with individual >> files for actively (or semi-actively) maintained versions. If there is >> one patch which applies to 2.2.n < 2.2.17, and a second patch for 2.2.17 >> and higher, it would be easier to differentiate these all within one >> directory. > > The current scheme has one benefit in that a responsible user on the > latest release has a one-stop shop for "What do I need to add?". > > With the CVE as the directory, they'd have to start with some other > resource/hint or browse through the descriptions/patches.
I'm not sure about that. If I have 2.2.18, what do I apply? If there were patches in .21 how do I know they apply to me?
