On 2020-09-10 at 01:45, Tobias Frost wrote: > On Wed, Sep 09, 2020 at 10:53:37PM +0200, Alec Leamas wrote: >> Hi, >> >> A new version is uploaded to mentors. Time to reset the history. Changes >> since last round: >> >> - New warning dialog for downloading binary plugin content (patch). >> - Spelling error fixed >> - Removed references to upstream bugs. I think it's a pity, the >> references linked patches in d/patches to upstream bugs. > > Well, actually, all those lines probably should be removed: > debian/changelog is intended to record changes to the packaging part > only, it is not to record changes made upstream; more generally: Only > stuff that changes files in the debian directory should be mentioned > in d/changelog. (See > https://www.debian.org/doc/debian-policy/ch-source.html#debian-changelog-debian-changelog > for some better/more accurate wording in the Policy) I'm not sure I read that section as meaning that. Could you point more specifically to the exact wording there which you understand as reflecting this rule? Regardless, I'm fairly sure there are exceptions to this in practice. For example, if a new upstream release includes a change which closes an open Debian bug report or fixes a particular CVE, a notation in the changelog recording that fact seems to be de rigueur, and in fact as I understand matters the tooling recognizes and parses notes such as "Closes: #123456" or "CVE-1000-123-1234" to auto-close the given bug report or to mark a newly-packaged version as unaffected by the given CVE. For that matter, look at the Linux kernel packages (linux-image-VERSION-ARCH, among others). They don't seem to ship a changelog.Debian.gz, but the changelog.gz which they do ship seems to be in Debian changelog form and list Debian package versions, and is reported by apt-listchanges at upgrade time; in that file, each new Debian version tends to contain a "New upstream stable update" entry, which is then followed by a kernel changelog URL and a lengthy, detailed listing of changes (apparently nearly commit-level) taken from that upstream changelog. I'm not sure this is best practice, or that it would be a good thing for other packages to be doing en masse - but it's a large-scale example of including upstream changes in debian/changelog, and it certainly doesn't seem to be an unacceptable violation if something as core as the kernel packages have been doing it for so long and are still going that way. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature