-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
> [1] Three of these are already closed security bugs, which have been > added to this version of the changelog since their "CVE" ID was missing > in previous releases. I believe you should edit the previous changelog entries to include those bug numbers and CVE IDs, so users can easily locate the version that fixed the bug. (There is nothing wrong with editing old changelog entries to fix mistakes or clarify important things like security bugs.) Cheers, Marcus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10rc1 (GNU/Linux) iEYEARECAAYFAkqkEkQACgkQXjXn6TzcAQkw2QCfd4Zlg1Z7MYG/59qeTgouWUMO DiMAn29Zs1BTBHA5+AHau23u8bKZfQbP =ET2N -----END PGP SIGNATURE----- _______________________________________________ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers