publish email: Include changelog info for the published version #3695

kevmoo · 2020-06-09T01:16:41Z

now that we can parse the changelog, it'd be great to get the changelog details for the published release!

jonasfj · 2020-06-09T10:10:56Z

We send these emails to enable package owners to discover malicious publishing events, in case their account is compromised.

Allowing a potential attacker to define a section of the email is probably not a huge concern. As coming up with a fake/innocent CHANGELOG entry can be hard.

But we should note that the purpose of these emails is not to notify people who are interested in updates about a package.

kevmoo · 2020-06-09T14:10:18Z

But we should note that the purpose of these emails is not to notify people who are interested in updates about a package.

Yup. But I've noticed that these end up being FYI emails that someone else on my team has published something. I end up clicking and going to the changelog to see what's new

isoos · 2020-10-30T11:21:23Z

Duplicate of #2028, closing this.

kevmoo added the Type: enhancement label Jun 9, 2020

jonasfj added this to the On Deck milestone Jun 9, 2020

isoos closed this as completed Oct 30, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

publish email: Include changelog info for the published version #3695

publish email: Include changelog info for the published version #3695

kevmoo commented Jun 9, 2020

jonasfj commented Jun 9, 2020

kevmoo commented Jun 9, 2020

isoos commented Oct 30, 2020

publish email: Include changelog info for the published version #3695

publish email: Include changelog info for the published version #3695

Comments

kevmoo commented Jun 9, 2020

jonasfj commented Jun 9, 2020

kevmoo commented Jun 9, 2020

isoos commented Oct 30, 2020