A boilerplate for tracking the status of patches across Debian Kernel trees.
dannf> should anything go above this line?
dannf> should we use debian-style rfc822 for this for machine readability?
======================================================
Candidate: ##NEEDED## | CAN-XXXX-XXXX | N/A
Reference: CONFIRM:##URL## 
Reference: MISC:##URL## 
Description: 
 ##NEEDED## dannf> can a single description work for the cve,
 dannf> the changelog, and the DSA?
 dannf> should this use debian/control style multiline?
 dannf> should we have a short description?

Bug: [id, id, ...]
fixed-upstream: [version(, version)*]
2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
2.6.8-sarge-security: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
2.4.27-sarge-security: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
woody kernels?
... one line for each currently maintained tree

dannf> what does backported mean?  the patch didn't apply & needed munging,
dannf> or just that we used a patch intended for a newer tree, that may have
dannf> applied cleanly?