Re: CAN to CVE: changing changelogs?
Henrique de Moraes Holschuh <hmh@debian.org> writes:
> Now, please explain to me why a changelog that has had detail added to past
> entries so that information that belongs to a given uploaded version IS in
> the entry for that version, is worse than one that lacks this information,
> OR has that information elsewhere?
Because it omits information, crucially, when a particular fact was
learned. Why obscure information deliberately?
> That is my whole point of contention. Not that I'd advocate going over the
> changelog to add and update CAN and CVE data, as the security team already
> said they don't really need it, but I want to know exactly what kind of
> damage one would be doing by updating the changelog like that. So far, I
> have not been convinced that we should be *against* someone doing it, if he
> has the inclination to do so.
If you add it with the actual date, saying "this was fixed by version
such-and-such" or whatever, then you are maintaining a more accurate
record. Why deliberately create a less accurate record?
Reply to: