We should add a custom field in Bugzilla when the security category is used on a package, to add the CVE identifier. The field should not be present by default.
I have looked at how to do that. It's possible to do it from this page: https://bugs.mageia.org/editfields.cgi?action=add
We can select "Field only appears when" to show it only in some cases. However, it is only possible to make the field present based on the value of:
- Product
- Platform
- OS/Version
- Status
- Resolution
- Severity
- Priority
In our case, we would like to show it or not based on the value of Component (only show it if it's a bug on the Security component). But it looks like it's not possible. So if we cannot do it based on component, I think there are two solutions:
- add a new severity value, "security issue" (set by default for bugs in components Security). And add the custom field only when severity is "security issue".
- add the custom field in all cases
CC: (none) => boklm
Well, a CVE would be linked to an rpm, so the component should be Rpm packages, no? However, security is not a severity; if we decide to use it, we will not be able to see if a security bug is urgent or not (I would rate a potential DoS on some obscure erlang application less severe than a remote root on openssh, for example). That's quite bad that the only field we would want to use is the one that cannot :)
bugs.mageia.org runs Bugzilla 3.6.4. Upgrade to 4.0 as proposed in bug 40, and you will be able to use the Component field. ;)
CC: (none) => LpSolit
I really need to push this on the top of my todo.
CC: (none) => dmorganec
(In reply to comment #4)
> i really need to push this on the top of my todo.
What happened since?
CC: (none) => marja11
Setting dependency on bug 40.
Depends on: (none) => 40
Assignee: mageia-sysadm => sysadmin-bugs
CVE field has been added, available only for bugs in the security component.
Status: NEW => RESOLVED
Resolution: (none) => FIXED
CC: boklm => (none)