Henrique de Moraes Holschuh wrote: > Found it. From: Martin Schulze <joey@infodrom.org>, Message-ID: > <20041124100730.GF7329@finlandia.infodrom.north.de>, and Message-ID: > <20041129185017.GA25751@finlandia.infodrom.north.de> at > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=282681 "Please add this id to the proper changelog entry with the next upload." That's easily misinterpreted, although I won't try to guess which of us is doing so. One thing that this bug illustrates pretty well that is quite annoying when trying to determine what version of a package actually fixed a security hole, is new upstream releases that are listed in the changelog as fixing a particular CVE, when the hole was actually fixed in a previous debian revision of the old upstream version. That's a case where clarity is very useful in the changelog. (So is proper use of the new version tracking features of the BTS.) -- see shy jo
Attachment:
signature.asc
Description: Digital signature