Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to Accept

> > We really should write the CVE numbers into the commit messages and
> > the release notes.
>
> I think that would be good.

That requires the CVE number to be available at the time of commit. Not
sure if it'll always be. But if it is, it's certainly a good idea to put
it in.

> > How about a simple webpage that has more or less a table with:
> > CVE-number  |   present in releases  |  fixed in releases
> > CVE-number  |   present in releases  |  fixed in releases
> > CVE-number  |   present in releases  |  fixed in releases
>
> ..and I think we should do this too.
>
> Have to say I'm a bit worried about overloading Tom and
> Bruce, who write most of the security patches and relevant
> release notes.
>
> Anybody else volunteer to maintain the web page?

While I think it would be a good idea for someone on -core to actually
be responsible for such a list, I can certainly create and maintain the
page. With our track record of security issues, it doesn't seem that it
should be all that much work...

//Magnus