From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jsmith@kcco.com>
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.7 required=5.0 tests=DMARC_MISSING,
	MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_DYNAMIC autolearn=unavailable
	autolearn_force=no version=4.0.0
Received: from brazil.sys.kcco.com (leg-66-247-92-2-CHI.sprinthome.com [66.247.92.2])
	by chiba.3jane.net (Postfix) with ESMTP
	id E1B2DAC43B; Thu, 20 Jun 2002 09:52:25 -0500 (CDT)
Received: from brazil.sys.kcco.com (localhost [127.0.0.1])
	by brazil.sys.kcco.com (Postfix) with ESMTP
	id A6D3F88DED6; Thu, 20 Jun 2002 09:58:14 -0500 (CDT)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Jean-Michel Smith <jsmith@kcco.com>
To: Wout Mertens <wmertens@gentoo.org>, gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] Apache security hole and ebuild
Date: Thu, 20 Jun 2002 09:58:14 -0500
User-Agent: KMail/1.4.1
References: <Pine.GSO.4.44.0206201343330.19554-100000@oaktree.cisco.com>
In-Reply-To: <Pine.GSO.4.44.0206201343330.19554-100000@oaktree.cisco.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200206200958.14395.jsmith@kcco.com>
Sender: gentoo-dev-admin@gentoo.org
Errors-To: gentoo-dev-admin@gentoo.org
X-BeenThere: gentoo-dev@gentoo.org
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:gentoo-dev-request@gentoo.org?subject=help>
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Subscribe: <http://lists.gentoo.org/mailman/listinfo/gentoo-dev>,
	<mailto:gentoo-dev-request@gentoo.org?subject=subscribe>
List-Id: Gentoo Linux developer list <gentoo-dev.gentoo.org>
List-Unsubscribe: <http://lists.gentoo.org/mailman/listinfo/gentoo-dev>,
	<mailto:gentoo-dev-request@gentoo.org?subject=unsubscribe>
List-Archive: <http://lists.gentoo.org/pipermail/gentoo-dev/>
X-Archives-Salt: bc822512-0ce0-4d03-abe7-6b519614e36b
X-Archives-Hash: cf75d972f4058f89863064bd8d11b58a

On Thursday 20 June 2002 06:46 am, Wout Mertens wrote:

>
> But that is exactly what Changelog is for, notifying the user about wha=
t
> changed. Although I admit it doesn't have a lot of visibility, we might
> want to do something about that, like an option on emerge that shows th=
e
> changelogs since your version...

that is a great idea!  i would only add that some indication of severity =
(with=20
appropriate colorized output perhaps?) would be nice, so that mundane cha=
nges=20
(new incremental version update, no big changes) would be in white, while=
=20
more significant changes that might require configuration changes and/or=20
break a current running setup (like apache) would be in yellow, while=20
signficant changes (like major version update or very incompatible change=
s, a=20
la db3 -> db4 or the recent libpng update) would have a higher severity t=
hat=20
would print out in bright red! :-)

Then one could to an 'emerge -u -p world --show-changelog' (or whatever t=
he=20
switch ends up being) and see right away, with a casual glance, which cha=
nges=20
are likely to be the most worrisome.

Jean.