On Mon, 13 Jan 2020 at 15:23, Joe Doss <joe@xxxxxxxxxxxxxx> wrote: > > On 1/12/20 3:19 PM, Marius Schwarz wrote: > > Am 10.01.20 um 17:36 schrieb Pierre-Yves Chibon: > >> Good Morning Everyone, > >> > >> This is not a new idea, it has been presented at flock last year and > spoken > >> about on this very list this fall, so I'd like to push it a little > further. > >> > >> Do we want to drop release and changelog from our spec file? > > Vote: no. > > > > The correct releases and changelogs in the rpms are important to check > > for security patches made. This need of any admin will override > > any argument for a removal, as it's the most important source on a > > working system to gather it's security state. > > Finally the reply I was looking for! As someone who relies the changelog > of the RPM for security reasons this whole thread has me worried. > > On 1/12/20 3:38 PM, Miro Hrončok wrote: > > It would stay in the RPM, we would just populate it differently and it > > would no longer be hardcoded in the spec file in our infrastructure. > > How will it be populated? Will it ensure that the information that is > important for security minding end users is still available? Sorry in > advance if I missed the details of how it would still be managed and > included for end users to consume? The CVE information there is mostly on the whim of the packager. Some packagers do put items in there and others forget (aka I have forgotten to do so a couple of times). How will the new way be populated? That is what part of this thread is trying to get to. It has not been decided or implemented but would hopefully be part of getting the changelog out -- Stephen J Smoogen. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
