On Tuesday 17 January 2012, William A. Rowe Jr. wrote: > I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It > seems more efficient to set these up as patches/CVE-yyyy-iiii/ > with individual files for actively (or semi-actively) maintained > versions. If there is one patch which applies to 2.2.n < 2.2.17, > and a second patch for 2.2.17 and higher, it would be easier to > differentiate these all within one directory.
Sometimes there may be two or more separate CVEs that are fixed by a single patch. How would you map that to patches/CVE-yyyy-iiii/ ? Copy the patch? Add a README file to CVE-foo dir that the fix is included in the patch for CVE-bar? Apart from that, I don't prefer one structure over the other.
