* Russ Allbery: > Accordingly, for my packages, I mention (as sub-bullets to the "* New > upstream release" bullet) any upstream change that: > > * Closes a Debian bug (and include the bug closer). > > * Is a major feature enhancement or a major bug fix likely to be of > interest to a substantial percentage of the users of the package. > > * Is of special interest to Debian users. (Requiring configuration > changes or changes in the way the package is used in Debian that aren't > quite worthy of a NEWS.Debian entry, for instance.)
Listing security bug with a "SECURITY:" tag would be a nice, too. 8-) > I'm happy to take criticism on what I mention and don't mention, but I > personally find Debian changelogs that never mention *any* details of why > a new upstream version was packaged to be unhelpful and really inferior. I agree completely. Listing important upstream changes and fixed Debian bugs is a service to our users. It also helps with software archaeology, in particular if upstream does not provide a concise or well-ordered changelog. > A pure "no upstream changes should be in the Debian changelog file" policy > would break down in a number of places. Some upstream changes I think > everyone agrees should be listed there (such as CAN numbers for fixed > security bugs). It's "CVE names" nowadays. 8-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
