Changelog improvements before the 3.2 release #5905
Conversation
Consolidate the entries for SHA512 and SHA256 since they are being released together. List the algorithms generically as SHA-2 since this also applies to SHA224 and SHA384. Clearly state that the instructions are only supported when building for Aarch64 (64-bit ARMv8+) and not for Aarch32 (32-bit ARMv8+). Signed-off-by: Gilles Peskine <[email protected]>
…figs The entry for “Fix several bugs…” already covers this. This is borderline an internal detail anyway. Signed-off-by: Gilles Peskine <[email protected]>
If the key agreement or the public key export in ssl_write_client_key_exchange() fails, the handshake enters a failed state. The only valid thing you can do in a failed handshake is to abort it, which calls mbedtls_ssl_handshake_free(), which destroys ecdh_psa_privey. While it's good hygiene to destroy the key in the function that creates it, it would have been cleaned up a little later in the normal course of things anyway, so there wasn't an actual bug. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm
added
enhancement
size-s
gilles-peskine-arm
added
the
needs-backports
gilles-peskine-arm
added
needs-review
| @@ -1,4 +1,4 @@ | |||
| Features | |||
| * Add the function mbedtls_timing_get_final_delay() to access the private | |||
| final delay field in an mbedtls_timing_delay_context, as requested in | |||
| #5183 | |||
| #5183. | |||
There was a problem hiding this comment.
Rather than have to do this check manually, why not update assemble_changelog.py to add a trailing full stop if one is missing? It could also reflow the text if that is desired.
There was a problem hiding this comment.
And if we're going to change this, how about removing the for consistency?
Add function mbedtls_timing_get_final_delay()...
There was a problem hiding this comment.
We usually write changelog entries in proper English, not headlinese, thus “add a function” or (since it's named) “add the function”.
Regarding automation: automation has the cost of writing the code and of handling exceptions. Exceptions are why we aren't reflowing (sometimes we want forced breaks at specific points) and why we aren't doing spell checking. I'm not sure if there are exceptions where we really don't want a full stop at the end.
There was a problem hiding this comment.
The ChangeLog is presented as a bulleted list. A bulleted list is not really fully prose, in the same way documentation is; and changelogs are typically read rapidly by users to identify "what might interest me in this new release". So writing for rapid parsing (i.e. consistency across multiple entries) and removal of filler would seem to be reasonable here.
Generally in text, where bulleted lists appear they will (depending on style) either (1) all but the last item end in ;, last item ends in . (this is common in documents where bulleted lists aren't the main content) or (2) none have punctuation at the end (which is common on slides).
However, this gets tricky when some bullet points might be multiple sentences, because each sentence within a bullet point needs its punctuation at the end, and so (for consistency) the last sentence in a multi-sentence bullet point should have its punctuation, and so (also for consistency) a bullet point of only one sentence should also have punctuation at the end.
One might consider not doing this for a very short phrase, such as Fixes #1234, but since we do put full stops at the end of those, I can't see content that wouldn't have punctuation at the end.
ChangeLog.d/mbedtls_ecp_export.txt
Outdated
| @@ -1,3 +1,3 @@ | |||
| Features | |||
| * Add mbedtls_ecp_export() function to export ECP | |||
| keypair parameters. Fixes #4838. | |||
| * Add a function mbedtls_ecp_export() to export ECP key pair parameters. | |||
There was a problem hiding this comment.
Actually, I think this is better without a:
| * Add a function mbedtls_ecp_export() to export ECP key pair parameters. | |
| * Add function mbedtls_ecp_export() to export ECP key pair parameters. |
There was a problem hiding this comment.
I agree with Tom that the version without "a" is better out of the two, but I'm not sure if "function" is even needed here, it's pretty self-evident. The addition of details at the end is OK.
There was a problem hiding this comment.
Why is the version without “a” better? “A” is required for proper English grammar. It's only left out in headlinese.
There was a problem hiding this comment.
I've changed the entries you objected to to “add function”.
Since this is not a preestablished usage, and I disagree with making it a standard, I have not gone through other entries to align them. If we're to establish a policy, my preference is for “the new X does this”, because it has the simplest sentence construction. I'm also fine with “Add a X that does this”. I don't like “Add X that does this” because it's headlinese, and we have a well-established tradition of writing changelog entries in proper English sentences.
ChangeLog.d/mbedtls_tlsver_enum.txt
Outdated
| * The new functions mbedtls_ssl_conf_max_tls_version() and | ||
| mbedtls_ssl_conf_min_tls_version() use a single value to specify | ||
| the protocol version. |
There was a problem hiding this comment.
Presumably the section contents are coalesced for the ChangeLog, so these two entries won't necessarily be adjacent. In which case it would be better to use the standard "Add function foo()"-style:
| * The new functions mbedtls_ssl_conf_max_tls_version() and | |
| mbedtls_ssl_conf_min_tls_version() use a single value to specify | |
| the protocol version. | |
| * Add functions mbedtls_ssl_conf_max_tls_version() and | |
| mbedtls_ssl_conf_min_tls_version() that use single values to specify | |
| protocol versions. |
There was a problem hiding this comment.
Why is “Add functions …” preferable to “The new functions …”? We've been using both.
There was a problem hiding this comment.
I would say that "The new functions" does not imply that there was a change that added them. It might mean that these new functions now use a single value to specify [...]. I agree with Tom here.
There was a problem hiding this comment.
I don't get this. “New” means it wasn't there before the change. It's a common way to word changelog entries (example: Emacs — mostly under “Lisp changes”).
There was a problem hiding this comment.
I understand your approach, but even in the given example a lot of changes follow one of these rules:
The new function xxx has been added,The new xxx replaces the current [...]- headline:
New function xxx, then, in the bodywhich is, or just some description.
I would say that in fact the form proposed is also used, so I'm more inclined to accept it, however I still like other versions more.
Given that I'm not a native speaker, I'll just let others speak in this specific change request.
| * Add a function to extract message digest information from a message | ||
| digest context. | ||
| * The new function mbedtls_md_info_from_ctx() recalls the message digest | ||
| information that was used to set up a message digest context. |
There was a problem hiding this comment.
Why change from the the "Add function foo()" style?
There was a problem hiding this comment.
I added the function name. I didn't consider “add a function” vs “the new function” to be significant, I just thought my updated sentence flows better.
There was a problem hiding this comment.
Same as above: "the new function" doesn't sound to me like the function was added, it rather states that this new function now recalls the message digest [...].
Subjective: Add _function_name()_ to extract > Add function _function_name()_ > The new function.
There was a problem hiding this comment.
On reflection I personally prefer “the new function …”, but that's a matter of preference, so I've changed this back.
There was a problem hiding this comment.
Re: "Add ..." vs "The new ..." is a case of active vs passive, us saying what we have done (in present tense, as is common for release notes) vs documenting what is done (it's quite common for documentation to be passive voice).
| preprocessing computations to avoid doing them multiple times, which was | ||
| causing the handshake to fail. | ||
| * Fix a TLS 1.3 handshake failure when the peer Finished message has not | ||
| been received yet when we first try to fetch it. |
There was a problem hiding this comment.
I understand that we don't have to give more detail, but is it harmful if the work is already done?
There was a problem hiding this comment.
Having irrelevant information hides the relevant information, yes. So I'm not reverting this.
Signed-off-by: Gilles Peskine <[email protected]>
tom-cosgrove-arm
added
approved
Miscellaneous improvements to changelog entries, including:
I have only reviewed existing entries. I have not looked for missing entries.
Needs backport for a few entries.