On Fri, Apr 03, 2026 at 11:47:25AM +0200, Salvatore Bonaccorso wrote:
That really depends on your preference for packaging. For instance in the kernel team we do not retrospectively touch already released changelog entries. Other team do ammend it and just add the CVE identifier in a old entry on a next unstable upload and say something like ammending an older entry.
I amended the changelog entry and did not flag the commit with Git-Dch: ignore, therefore a changelog entry will be generated.
Also this was ANOTHER lesson to NEVER directly commit to a release branch but go through a working branch AND a merge request ALWAYS. I will need to have a visible commit to add the CVE to the changelog for the trixie and bookworm proposed-updates uploads. I plan to do those on monday pending team review.
Thank you for your advice, I really appreciate that. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
