On Fri, 28 Oct 2005, Thomas Bushnell BSG wrote:
> Joey Hess <[EMAIL PROTECTED]> writes:
>
> > One thing that this bug illustrates pretty well that is quite annoying
> > when trying to determine what version of a package actually fixed a
> > security hole, is new upstream releases that are listed in the changelog
> > as fixing a particular CVE, when the hole was actually fixed in a
> > previous debian revision of the old upstream version. That's a case
> > where clarity is very useful in the changelog. (So is proper use of the
> > new version tracking features of the BTS.)
>
> Seems to me that the right thing to do is:
>
> close the bug with the right version using -done;
> add a *new* changelog entry (not altering the old one), saying "bug
> such-and-such was fixed in such-and-such old version."

That is not as good for reference purposes. It requires that you keep
track of such information while reading the rest of the changelog, should
that information be of any value to you. It is against the good practices
for technical documentation to do so, except when you have no choice but
to use forward references.

Here's how this issue looks to me:

1. changelogs describe the changes in a **package** over time;

2. changelog "entries" that "fix" a past entry by adding/correcting data
   are out of their correct place in the timeline of the **package** (and
   not of the changelog);

3. changelog "entries" that "fix" a past entry by adding/correcting data
   are in their correct place in the timeline of the *changelog* (and not
   of the package).

Now, which situation should one care more for, and why?

I prefer to care more about the package history than about the changelog
itself. Adding/editing/updating a past entry improves the changelog
description of the package timeline (unless it is a stupid edit that
shouldn't have been done in either way, so let's ignore those).

Why is that worse than an edit whose only virtue is to keep the
*changelog* timeline intact?

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh