[devel] Q: apache2-2.2.8-alt1 %changelog

Alexey Tourbin =?iso-8859-1?q?at_=CE=C1_altlinux=2Eru?=
Сб Мар 1 13:28:19 MSK 2008 

On Sat, Mar 01, 2008 at 11:50:57AM +0200, Michael Shigorin wrote:
> On Sat, Mar 01, 2008 at 01:26:09AM +0300, Dmitry V. Levin wrote:
> > > - Adding SECURITY to upstream:
> > >   + CVE-2007-6421 (cve.mitre.org)
> > >   + CVE-2007-6422 (cve.mitre.org)
> > >   + CVE-2007-6388 (cve.mitre.org)
> > >   + CVE-2007-5000 (cve.mitre.org)
> > >   + CVE-2008-0005 (cve.mitre.org)
> > > - Fix #14601: less-than-optimal examples in con/sites-available.
> > >   (Thanks Mikhail Gusarov <dottedmag altlinux org>)
> > >   + update apache2-2.2.6-alt-configs-0.1.patch to
> > >     apache2-2.2.8-alt-configs-0.2.patch
> > > - Updating patchs for 2.2.6:
> > >   + apache2-2.2.6-alt-debian.conf-0.1.patch to
> > >     apache2-2.2.8-alt-debian.conf-0.1.patch
> > >   + apache2-2.2.6-alt-default_https.conf.in-0.1.patch to
> > >     apache2-2.2.8-alt-default_https.conf.in-0.1.patch
> > >   + apache2-2.2.6-alt-cgi-0.1.patch to
> > >     apache2-2.2.8-alt-cgi-0.1.patch
> > 
> > Что хотел сказать этим %changelog'ом его автор?
> 
> Если правильно понял (не претендую по техническим причинам),
> то написал бы примерно так:
> 
> - 2.2.8: security fixes:
>   + CVE-2007-6421: XSS in mod_proxy_balancer (script injection)
>   + CVE-2007-6422: ...
> - fixed #14601: suboptimal examples in conf/sites-available
>   (thanks dottedmag@)
>   + updated apache2-2.2.6-alt-configs-0.*.patch
> - updated 2.2.6 patches:
>   + apache2-2.2.*-alt-debian.conf-0.1.patch
>   + apache2-2.2.*-alt-default_https.conf.in-0.1.patch
>   + apache2-2.2.*-alt-cgi-0.1.patch

I think that %changelog entries should reflect only user-visible
changes.  We inform users why they have to upgrade the package.
Besides this, rpm changelog must also be *concise*.  Usually there's
no reason to list minor/unrelated/non-essential changes.

Updating patches is pain in the ass that of maintainters,
not that of users.  Provided that patch was updated successfully,
users don't care.

Also I think that version update does not need detailed/explicit
announce.  Only local changes do.  That said, I belive that changelog
like this will do:

* me
- X.Y.Z (fixes CVE-1, CVE-2)
- fixed WHAT (who helped, #1234)
- fixed WHAT (who helped, #5678)
----------- следующая часть -----------
Было удалено вложение не в текстовом формате...
Имя     : =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Тип     : application/pgp-signature
Размер  : 197 байтов
Описание: =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Url     : <http://lists.altlinux.org/pipermail/devel/attachments/20080301/3621827d/attachment-0002.bin>

Подробная информация о списке рассылки Devel