Red Hat refuses Alma's CVE patches to CentOS Stream; says "no customer demand" - eviltoast
    • flux@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      A patch contains more than the changes: it contains the commit message. In open source projects, and in particular in CVE fixes, the commit message can indeed be quite descriptive. It needs to be!

      You’re still right, though. But I like to think professionals are able to verify the changes with the high-quality commit message—possibly in less time than investigating the issue themselves.

    • odbol@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      How did they submit changes to only one file? Did they not write a test for it? Sounds like a dodgy patch if it doesn’t have a test