Re: CAN to CVE: changing changelogs?

To: debian-security@lists.debian.org
Subject: Re: CAN to CVE: changing changelogs?
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 27 Oct 2005 19:31:37 -0200
Message-id: <[🔎] 20051027213137.GA9416@khazad-dum.debian.net>
In-reply-to: <[🔎] 20051027202639.GB9202@khazad-dum.debian.net>
References: <[🔎] 1130319135.4117.12.camel@darwin.os9.nl> <[🔎] 20051027040301.GA1442@verge.net.au> <[🔎] 20051027114715.GA31904@khazad-dum.debian.net> <[🔎] 20051027144214.GB4599@verge.net.au> <[🔎] 20051027145736.GA9591@khazad-dum.debian.net> <[🔎] 871x26dduo.fsf@becket.becket.net> <[🔎] 20051027192127.GA9202@khazad-dum.debian.net> <[🔎] 20051027200729.GC26938@kitenet.net> <[🔎] 20051027202639.GB9202@khazad-dum.debian.net>

On Thu, 27 Oct 2005, Henrique de Moraes Holschuh wrote:
> On Thu, 27 Oct 2005, Joey Hess wrote:
> > Henrique de Moraes Holschuh wrote:
> > >   3. The security team's work is helped by adding the CVE
> > >      information to the proper changelog entry, to the point that
> > >      they have requested everyone to do so.  This requires editing
> > >      past changelog entries quite often.
> > 
> > I don't think that the security team has ever requested retoractive
> > changing of changelogs for CVE entries. I find it hard to envision a
> 
> THAT will give me a lot of work to track down.  This was pre BTS-usertags,

Found it. From: Martin Schulze <joey@infodrom.org>, Message-ID:
<20041124100730.GF7329@finlandia.infodrom.north.de>, and Message-ID:
<20041129185017.GA25751@finlandia.infodrom.north.de> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=282681

I was out of line on claiming that the security team asked everyone to add
CAN/CVE numbers to past changelog entries.  There were _two_ requests from
Martin Shulze directed to me, while wearing his security team hat, to change
past entries in a changelog to add CAN/CVE entries, but that's it.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: CAN to CVE: changing changelogs?
  - From: Joey Hess <joeyh@debian.org>

References:
- CAN to CVE: changing changelogs?
  - From: Thijs Kinkhorst <kink@squirrelmail.org>
- Re: CAN to CVE: changing changelogs?
  - From: Horms <horms@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Horms <horms@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: CAN to CVE: changing changelogs?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Joey Hess <joeyh@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: CAN to CVE: changing changelogs?
Next by Date: Re: CAN to CVE: changing changelogs?
Previous by thread: Re: CAN to CVE: changing changelogs?
Next by thread: Re: CAN to CVE: changing changelogs?
Index(es):
- Date
- Thread