On Thu, Oct 27, 2005 at 09:47:15AM -0200, Henrique de Moraes Holschuh wrote: > On Thu, 27 Oct 2005, Horms wrote: > > On Wed, Oct 26, 2005 at 11:32:15AM +0200, Thijs Kinkhorst wrote: > > > Hello people, > > > > > > As many of you are probably aware, CVE has changed the naming of their > > > id's: the temporary "CAN-" prefix has been dropped and an id is now > > > always of the form CVE-yyyy-nnnn. More information at the CVE website. > > > > > > I was wondering what to do with changelogs. I think it might make sense > > > to rename CAN-... numbers in old entries to CVE-..., since all entries > > > have been renamed and this aids to the goal: having one unique string to > > > find any vulnerability by. > > > > > > Are there any thoughts on changing changelogs retroactively? Might it > > > even be an idea to add a lintian check for 'old-style' CAN id's? > > > > I believe that changelogs should never be changed restrospectively. > > Why not? Technical reasons only, please. Fixing changelogs so that they > are more useful in the future is common in Debian. These are slight edits, > always, not entry suppresion or something like that. Trimming them down is > also very common on long-standing packages, and something that is needed. > Usually, the older entries are moved to a separate file to rot there > out-of-the-way.
Because I don't believe in revisionist history, thats all. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
