-
Formally, fixing security vulnerabilities is just a subset of fixing bugs. The idealistic thing is to make them a subset somehow. Pragmatically, I prefer having it in its own section because it makes security issues stand out. The inconsistency with the other change types all being verbs bothers me too. I propose "Secured" as the change type label. It is a past-tense verb that describes what the developer(s) did - "Secured the signup page by removing SQL injection holes," for instance. It doesn't grab the eye quite as well as the well-known and frightening phrase "Security", alas. If people prefer nesting security changes under the "Fixes" section, tagging might be an option, as suggested in #30.
-
At first, the "Security" type of changes was a bit unclear to me:
Wouldn't it be better to find another title for this type of change? In particular, wouldn't it be more consistent to use a verb in the past tense, such as:
Or maybe this should just be a sub-section of Fixed. It would allow having more categories according to their criticality.
Something like:
Fixed