the hwdata package has no patches as fedoraproject is upstream for this package. All changes should be done in fedoraprojects hwdata git repository, all pci.ids and usb.ids need to get approved by their upstream maintainers first as we don't want to create another pci database.
All accounts approved for hwdata git should have pkgdb CVS ACLs set, but I'll need to check that again. In short: nothing should be changed in pkgdb CVS unless it is commited to upstream first