[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CAN to CVE: changing changelogs?

Henrique de Moraes Holschuh <hmh@debian.org> writes:

> Now, please explain to me why a changelog that has had detail added to past
> entries so that information that belongs to a given uploaded version IS in
> the entry for that version, is worse than one that lacks this information,
> OR has that information elsewhere?

Because it omits information, crucially, when a particular fact was
learned.  Why obscure information deliberately?  

> That is my whole point of contention.  Not that I'd advocate going over the
> changelog to add and update CAN and CVE data, as the security team already
> said they don't really need it, but I want to know exactly what kind of
> damage one would be doing by updating the changelog like that.  So far, I
> have not been convinced that we should be *against* someone doing it, if he
> has the inclination to do so.

If you add it with the actual date, saying "this was fixed by version
such-and-such" or whatever, then you are maintaining a more accurate
record.  Why deliberately create a less accurate record?
Reply to: