On Jun 21, 2016, at 07:52 AM, Ethan Furman wrote:
On 06/21/2016 07:07 AM, Victor Stinner wrote:
Christian proposed to simply prefix changes with "[Security]".
Seems good to me -- are there any downsides?
Nothing major IMHO. The whole point is to make it easy for downstreams to identify change. To that effect, I'd mildly prefer a Misc/NEWS section because it will be easier to pick out the changes, but OTOH "security" issues can span multiple sections, so it may just be more accurate to add a [Security] mark to issues that have a security aspect. Once downstreams are properly trained on the new mark, it should be just as easy to search for it. It *is* a little difficult to search for specific issues in NEWS that occur after a given release. I usually search for "What's new in X.Y" for the baseline X.Y I care about, and then search up for some reference to the issue I'm looking for. It wouldn't be much extra work to also search for [Security]. As an aside, when/if we ever get auto-NEWS file generation (to reduce conflicts), I would love to get the (git) commit id prepended to the NEWS item. Sure, a particular change can span multiple commits, but the one that changes NEWS should be enough to quickly jump me to the relevant changes. Cheers, -Barry