[Security-sig] How to document changes related to security in Python changelog?
Ethan Furman
ethan at stoneleaf.us
Tue Jun 21 10:52:02 EDT 2016
On 06/21/2016 07:07 AM, Victor Stinner wrote:
> Extract: "Some of the problems that have occurred are things like bug
> reports being sent to the list, but that couldn't be reproduced, or
> distributions not updating their Python packages because it wasn't
> clear to them that there was a security fix made in an upstream
> release. Heimes suggested that security fixes be clearly marked in the
> "News" file that accompanies releases."
> Christian proposed to simply prefix changes with "[Security]".
Seems good to me -- are there any downsides?
--
~Ethan~
More information about the Security-SIG
mailing list