Måndag den 23:e mars 2020, klockan 14:07, skrev Tim Rühsen detta: > > May I suggest that Alfred or Mats put the ChangeLog file into an own > branch and we all add commits until we are all happy ? Then we merge > those commits into a single one and add it to master. > Currently it is not clear to me who is the "owner" of that file in > regards of being responsible to put in all the suggestions made here.
I disagree. First the correct changelog go into place, then other matters follow. I see no other matter that matters more than keeping a correct changelog file. We are already into deep water with the present situation. The responsibility lies with each and every member to write a useful and relevant changelog entry with each prepared commit to master. I would have thought the large exent of our changelog file and my agitated outburst had made this matter clear by now. > Regarding mentioning a "CVE tag": Who is going to retrieve a CVE number > ? Or has it been done already ? This was not meant as a git tag in any way. My statement is simply that the publicly assigned CVE number should be included in our changelog and in the commit message that is simultaneous with the issued commit. This is exactly the reason why a code change and additions to ChangeLog have to be similtaneous, in order that matter related to public security tickets can be traced properly, be it via 'git blame', simple reading of Changelog, or amplified by diligent and informed work. Regards, Mats E A
