On 1/17/2012 11:56 AM, Eric Covener wrote:
I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It seems
more efficient to set these up as patches/CVE-yyyy-iiii/ with individual
files for actively (or semi-actively) maintained versions. If there is
one patch which applies to 2.2.n< 2.2.17, and a second patch for 2.2.17
and higher, it would be easier to differentiate these all within one
directory.
The current scheme has one benefit in that a responsible user on the
latest release has a one-stop shop for "What do I need to add?".
With the CVE as the directory, they'd have to start with some other
resource/hint or browse through the descriptions/patches
2 cents.
I like the current way as well, know right where to look, do not have
read something first then dig through a bunch of CVE numbers. Somewhat
dyslexic people would be better served by the apply to vs. CVEs IMHO.
