Re: CAN to CVE: changing changelogs?
On Thu, Oct 27, 2005 at 09:47:15AM -0200, Henrique de Moraes Holschuh wrote:
> On Thu, 27 Oct 2005, Horms wrote:
> > On Wed, Oct 26, 2005 at 11:32:15AM +0200, Thijs Kinkhorst wrote:
> > > Hello people,
> > >
> > > As many of you are probably aware, CVE has changed the naming of their
> > > id's: the temporary "CAN-" prefix has been dropped and an id is now
> > > always of the form CVE-yyyy-nnnn. More information at the CVE website.
> > >
> > > I was wondering what to do with changelogs. I think it might make sense
> > > to rename CAN-... numbers in old entries to CVE-..., since all entries
> > > have been renamed and this aids to the goal: having one unique string to
> > > find any vulnerability by.
> > >
> > > Are there any thoughts on changing changelogs retroactively? Might it
> > > even be an idea to add a lintian check for 'old-style' CAN id's?
> >
> > I believe that changelogs should never be changed restrospectively.
>
> Why not? Technical reasons only, please. Fixing changelogs so that they
> are more useful in the future is common in Debian. These are slight edits,
> always, not entry suppresion or something like that. Trimming them down is
> also very common on long-standing packages, and something that is needed.
> Usually, the older entries are moved to a separate file to rot there
> out-of-the-way.
Because I don't believe in revisionist history, thats all.
--
Horms
Reply to: