Red Hat refuses Alma's CVE patches to CentOS Stream; says "no customer demand" - eviltoast
  • flux@lemmy.ml
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    A patch contains more than the changes: it contains the commit message. In open source projects, and in particular in CVE fixes, the commit message can indeed be quite descriptive. It needs to be!

    You’re still right, though. But I like to think professionals are able to verify the changes with the high-quality commit message—possibly in less time than investigating the issue themselves.