I don't think that it matters much at this point. We can start with the [Security] prefix and decide later to move items to a dedicated section.
I expect that we have 10 security related changes or less. Maybe I'm wrong and we have way much than that :-) Victor 2016-06-22 0:40 GMT+02:00 Barry Warsaw <ba...@python.org>: > On Jun 21, 2016, at 07:52 AM, Ethan Furman wrote: > >>On 06/21/2016 07:07 AM, Victor Stinner wrote: >>> Christian proposed to simply prefix changes with "[Security]". >> >>Seems good to me -- are there any downsides? > > Nothing major IMHO. The whole point is to make it easy for downstreams to > identify change. To that effect, I'd mildly prefer a Misc/NEWS section > because it will be easier to pick out the changes, but OTOH "security" issues > can span multiple sections, so it may just be more accurate to add a > [Security] mark to issues that have a security aspect. > > Once downstreams are properly trained on the new mark, it should be just as > easy to search for it. It *is* a little difficult to search for specific > issues in NEWS that occur after a given release. I usually search for "What's > new in X.Y" for the baseline X.Y I care about, and then search up for some > reference to the issue I'm looking for. It wouldn't be much extra work to > also search for [Security]. > > As an aside, when/if we ever get auto-NEWS file generation (to reduce > conflicts), I would love to get the (git) commit id prepended to the NEWS > item. Sure, a particular change can span multiple commits, but the one that > changes NEWS should be enough to quickly jump me to the relevant changes. > > Cheers, > -Barry > _______________________________________________ > Security-SIG mailing list > Security-SIG@python.org > https://mail.python.org/mailman/listinfo/security-sig _______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
