Re: libgtk2.0-0: changelog.Debian.gz is not an upstream changelog
* Russ Allbery:
> Accordingly, for my packages, I mention (as sub-bullets to the "* New
> upstream release" bullet) any upstream change that:
>
> * Closes a Debian bug (and include the bug closer).
>
> * Is a major feature enhancement or a major bug fix likely to be of
> interest to a substantial percentage of the users of the package.
>
> * Is of special interest to Debian users. (Requiring configuration
> changes or changes in the way the package is used in Debian that aren't
> quite worthy of a NEWS.Debian entry, for instance.)
Listing security bug with a "SECURITY:" tag would be a nice, too. 8-)
> I'm happy to take criticism on what I mention and don't mention, but I
> personally find Debian changelogs that never mention *any* details of why
> a new upstream version was packaged to be unhelpful and really inferior.
I agree completely. Listing important upstream changes and fixed
Debian bugs is a service to our users. It also helps with software
archaeology, in particular if upstream does not provide a concise or
well-ordered changelog.
> A pure "no upstream changes should be in the Debian changelog file" policy
> would break down in a number of places. Some upstream changes I think
> everyone agrees should be listed there (such as CAN numbers for fixed
> security bugs).
It's "CVE names" nowadays. 8-)
Reply to: