On 1/10/20 8:14 PM, Michael Catanzaro wrote:
On Fri, Jan 10, 2020 at 9:46 pm, Richard W.M. Jones
<rjones(a)redhat.com> wrote:
> OpenSUSE proved years and years ago that dropping %changelog is
> possible, easy and desirable. We should do that IMHO.
They still have %changelog at the bottom of each spec file, but as the
last line of the file. The actual changelog is stored as a separate
.changes file. That's a *lot* better than what Fedora does now,
because it makes it way easier to scroll through the spec file. But
getting rid of the changelog entirely would be even nicer. :)
changelogs often include CVE information, especially useful when the
fixes are backported rather than included as part of the regular
update/release process.
How could the CVE info be available in the absence of changelogs?