Re: CAN to CVE: changing changelogs?

To: Thomas Bushnell BSG <tb@becket.net>
Cc: debian-security@lists.debian.org
Subject: Re: CAN to CVE: changing changelogs?
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 27 Oct 2005 17:21:27 -0200
Message-id: <[🔎] 20051027192127.GA9202@khazad-dum.debian.net>
In-reply-to: <[🔎] 871x26dduo.fsf@becket.becket.net>
References: <[🔎] 1130319135.4117.12.camel@darwin.os9.nl> <[🔎] 20051027040301.GA1442@verge.net.au> <[🔎] 20051027114715.GA31904@khazad-dum.debian.net> <[🔎] 20051027144214.GB4599@verge.net.au> <[🔎] 20051027145736.GA9591@khazad-dum.debian.net> <[🔎] 871x26dduo.fsf@becket.becket.net>

On Thu, 27 Oct 2005, Thomas Bushnell BSG wrote:
> Henrique de Moraes Holschuh <hmh@debian.org> writes:
> > But at least we know that this subthread can end right here, right now.  It
> > is useless to discuss beliefs that exist without a technical backing, and I
> > won't waste my time with it.
> 
> Do you have a technical backing for your view that it is useless to
> discuss beliefs that one?

Parse error: "... that one?"  I am sorry, I am not sure I understood what
you mean. IF I got it right, my reply is simple: I will not change my mind
about a technical matter backed by technical reasons, because of the beliefs
of someone else.  Give me technical reasons, and I will listen and I could
be convinced that I am wrong.

Therefore, I will not waste my time with any thread where I ask for
technical reasons and get an ideologic one as a reply.  And I won't waste my
time arguing for the sake of arguing, either.

As for the technical reasons to update and modify past entries in a
changelog, I can name a few without any effort:

  1. Fixing typos do not change the message. If it does, it is not
     a simple typo.  Typos can cause a grep for information to
     fail, thus they are not always harmless.  Typos distract me,
     therefore I fix them on *my* changelogs when I notice them,
     so that they won't distract me ever again.

  2. By properly updating/fixing closes: entries, one can always
     machine-parse the changelog to locate exactly when a bug was 
     fixed. I can use this to feed the new version-aware BTS with
     missing versioning information, for example, if I need/want 
     to.

     Also, by adding the proper closes: entries in the changelog,
     now I have a link to the BTS entry that is related to that
     changelog entry.  This data is extremely useful when you
     are hunting the reasons for a particular change down.

  3. The security team's work is helped by adding the CVE
     information to the proper changelog entry, to the point that
     they have requested everyone to do so.  This requires editing
     past changelog entries quite often.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: CAN to CVE: changing changelogs?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: CAN to CVE: changing changelogs?
  - From: Joey Hess <joeyh@debian.org>

References:
- CAN to CVE: changing changelogs?
  - From: Thijs Kinkhorst <kink@squirrelmail.org>
- Re: CAN to CVE: changing changelogs?
  - From: Horms <horms@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Horms <horms@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: CAN to CVE: changing changelogs?
  - From: Thomas Bushnell BSG <tb@becket.net>

Prev by Date: Re: CAN to CVE: changing changelogs?
Next by Date: Re: CAN to CVE: changing changelogs?
Previous by thread: Re: CAN to CVE: changing changelogs?
Next by thread: Re: CAN to CVE: changing changelogs?
Index(es):
- Date
- Thread