On Tue, 29 Nov 2016, Antoine Beaupré wrote: > I wonder if we should standardize something about this. > > I usually name security patches with the following scheme: > debian/patches/CVE-XXXX-YYYY(-commithash)?.patch
I use CVE-XXXX-YYYY(-patchnumber)?.patch as some issues require multiple patches to be fixed. But I do not embed the commit hash, it's already present in the meta-data and does not provide anything useful. > relevant. if i don't have the CVE, i use some bug number or some unique > identifier. i have found it way more difficult to find my way around > patch queues that use "symbolic" names that describe the issue rather > than individual ticket or CVE numbers... Me too. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
