Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: To Publish Change Logs Or Not?

Posted by Soulskill on from the fixed-a-bug-with-arcane-missiles dept.

Linnerd writes "A software company I work for has decided to no longer publish change logs when updated versions of the software are made available. A change log consists of sections pulled directly from the issue management system that is automatically processed into a spreadsheet. The spreadsheet can be sorted/viewed by many criteria, such as date of the fix, component affected, severity and more. There usually are a fair number of entries (sometimes more than 1000), because each update published contains all the accumulated changes made since some base release in the past and the change log has entries for everything from major bugs to minor improvements to documentation changes and spelling errors fixed. The main reasons for pulling the change logs was the fear of putting the software in a bad light and risking ridicule, especially from the competition. Although I can follow these arguments up to a point, I've personally always been more comfortable with software that had explicit and detailed change logs: Errors and bugs happen, whether they are communicated or not, and I'd rather know what was changed than blindly install some patch without knowing if it's relevant for the issues I'm trying to solve. What is your opinion? Should change logs / errors / bugs be communicated openly? How is this handled in the companies you work for? Can you provide publicly available references on the pros and cons of open and honest communication of changes and bug fixes, especially in commercial environments?"

31 of 162 comments (clear)

  1. Your customers are lucky by phantomfive · · Score: 4, Insightful

    Your customers are lucky, they get to know that something changed. If you were making 'cloud' software, they wouldn't know anything changed until they logged in one morning and things are broken.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Your customers are lucky by enoz · · Score: 2

      5 million businesses on Google for a start.

    2. Re:Your customers are lucky by Anonymous Coward · · Score: 4, Insightful

      I guess playing devil's webmaster, would there be any possible NEGATIVE consequence of publishing the change log? I don't see it for most applications.

      Liability.
      Client X has some kind of trouble, looks through the changelog and finds bug Z was fixed and (at least on the surface) appears to have been related.
      Most of the time when you're dealing with proprietary solutions (not just software), you don't give the client a full detail of what happened when something went wrong. You go through management to prepare a formal RFO (reason for outage), that way they can clear it with the Legal team, Sales teams, and verify the accuracy of the statement.

    3. Re:Your customers are lucky by istartedi · · Score: 4, Funny

      Your customers are lucky, they get to know that something changed. If you were making 'cloud' software, they wouldn't know anything changed until they logged in one morning and things are broken.

      Worse yet, they could get a screen full of MyCleanPC spams mixed in with their data.

      --
      For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
    4. Re:Your customers are lucky by icebike · · Score: 2

      Your customers are lucky, they get to know that something changed. If you were making 'cloud' software, they wouldn't know anything changed until they logged in one morning and things are broken.

      Not sure you need that much detail to know something is happening and something changed.

      Many companies just mention "bug fixes" as a general category that covers typos or potential problems that no one has actually reported.

      We just mention things that users have reported, improvements they have asked for, and limitations that were removed and new capabilities added.
      We've issued some updates with the single statement "Bug Fixes".
      We've issued other updates that require extensive documentation changes as well as conversion steps to get to the new version.

      But no one needs to see every t you belatedly cross or every i you finally got around to dotting. People want to see progress in features and functions, and as little disruption to their work flow as possible.

      --
      Sig Battery depleted. Reverting to safe mode.
    5. Re:Your customers are lucky by viperidaenz · · Score: 2

      So the liability would be that your lies may be exposed? If no one lied, there would be no liability in telling the truth.

    6. Re:Your customers are lucky by Cenan · · Score: 4, Insightful

      I see your point. But liability and truth are not the same thing, and losing in court has nothing to do with truth either.

      --
      ... whatever ...
    7. Re:Your customers are lucky by Anonymous Coward · · Score: 4, Funny

      I block MyCleanPC spam with a hosts file. Thank you for being a cosmonaut.

    8. Re:Your customers are lucky by necro81 · · Score: 4, Informative

      But liability and truth are not the same thing

      This is a practice that has been drilled into my head: any half-thoughts, offhand comments, or speculation can very, very easily be manipulated by a lawyer to make you or your company look like a guilty guilty liars in a courtroom. One excerpt from a change log, blown up onto a 4' x 6' poster, displayed in front of a jury, can result in a multimillion-dollar loss for you or your company. Never mind that the full context would exonerate you or that there's a larger story surrounding that comment - the opposing lawyer only needs to keep pointing to that poster to make you look like an idiot that's got something to hide.

      Now, it is bad enough for such potentially dangerous content to exist in materials that are discoverable once a lawsuit has already begun. It is downright stupid, as a business practice, to just put those materials out in the wild for anyone to examine and look for something that could be sued over. If you want to keep your customer informed about what's changed, by all means produce a formal document that does that, with detail to the nth degree. The change logs are for internal use; they aren't for your customers.

    9. Re:Your customers are lucky by Aqualung812 · · Score: 3, Insightful

      The change logs are for internal use; they aren't for your customers.

      I'm not going to be one of your customers, then. I check the changelogs of every Cisco IOS update I deploy. If they changelog isn't published yet, I don't deploy.

      I'm not going to add risk to my environment if all the new version did was fix bugs in features I don't use and add new features (with new bugs) that I won't use.

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
  2. Nope by Anonymous Coward · · Score: 2, Informative

    I won't install an update without a change log.

  3. Change logs matter by Marsell · · Score: 5, Insightful

    Anybody who has run software on a non-trivial scale knows how important changelogs are.

    They give you some idea of what to expect, but more importantly let you know whether a problem you're having now has been fixed in the upgrade. Although developers would like everyone to run the newest version of software, in practice you don't touch production systems without good reason. Fixed pain points, and maybe security (depending on isolation) are valid reasons. "Because it's there" is not.

    Elimination is a stupid move. It's a triumph of marketing at the cost of we who must run this shit.

    1. Re:Change logs matter by s.petry · · Score: 5, Interesting

      This is why there are generally 2 sets of change logs (in reality one that derives another set). You have the changelog that is used internally, which is what you are talking about. The other is a list of bug fixes, enhancements, and removed features for customers.

      Good internal change logs track not only what was fixed, but what was attempted in the fix process so that you don't replicate these failed paths in later problems/enhancements. Code samples are usually in "good" change logs as well. These things are not needed for a customer, and are probably where you would find the ridicule.

      If you are really being told to remove change logs, that is a very broken situation. Those logs are not just to show people you are actively developing your code and fixing things, but also to reduce your overall development costs.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    2. Re:Change logs matter by Anrego · · Score: 3, Interesting

      Not only that, but when something goes wrong after upgrading something, it's useful to be able to say "ok, what's changed since the last version...".

      Sounds to me like submitter needs to find a middle ground between basically publishing their internal bug tracking and not publishing anything. It can be as simple as having a co-op / intern go through the internal change log and create a sanitized generic-ified version for public consumption (you know, in leu of actual work experience..).

    3. Re:Change logs matter by bored · · Score: 4, Insightful

      Code samples are usually in "good" change logs as well.

      Code samples for what? The library your selling? I don't think i've ever put a "code sample" in a changelog for human consumption. That is probably because everywhere I've worked, one of the first things I make sure works is a way for the source management, bug tracking, and release management systems to reference each other. That way, the internal change log has references to the bugs and patches. Curious what the code change associated with something is? Click the link and look at the diffs.

    4. Re:Change logs matter by dotancohen · · Score: 2

      Elimination is a stupid move. It's a triumph of marketing at the cost of we who must run this shit.

      And make no mistake: it will be elimination. Elimination of your software from many clients' servers / desktops.

      People like me won't run your software anymore. I cannot risk having your developers changing code running on my critical systems without so much as telling me what they change. I can usually infer the 'why', but they must tell me the 'what'. You don't mention if your customers have access to the code source or not, but in either case a concise human-formatted changelog is such a basic requirement that I am actually disturbed about an upstream provider even considering removing it.

      --
      It is dangerous to be right when the government is wrong.
    5. Re:Change logs matter by Cenan · · Score: 4, Insightful

      Not only that, but when something goes wrong after upgrading something, it's useful to be able to say "ok, what's changed since the last version...".

      No, you do that before you upgrade and you use the changelog to determine whether you should upgrade at all. If you're doing it in reverse, its your own damn fault.

      --
      ... whatever ...
    6. Re:Change logs matter by bwcbwc · · Score: 3, Informative

      Most folks call those edited change logs "release notes" in my experience. The list of changes, defect fixes, etc. should at least be a section in overall release notes, but they don't usually have to go into gory detail the way that the OP describes. The change or defect number being fixed is always useful, because then you can lookup the original bug report online for more details if you think it might impact your environment,.

      --
      We are the 198 proof..
    7. Re:Change logs matter by s.petry · · Score: 2

      Most folks call those edited change logs "release notes" in my experience. The list of changes, defect fixes, etc. should at least be a section in overall release notes, but they don't usually have to go into gory detail the way that the OP describes. The change or defect number being fixed is always useful, because then you can lookup the original bug report online for more details if you think it might impact your environment,.

      True, and probably a good idea to have this pointed out to them. TFA describes releasing the full change logs to public scrutiny so I'm not sure that they understand the difference.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  4. Definitely by kimvette · · Score: 5, Insightful

    Change logs and proper release notes are very appreciated by administrators and end users. Disclosure of known issues is particularly valued, and it also benefits the vendor because it reduces nuisance calls to technical support. Fixed, pending and wontfix lists are especially appreciated by sysadmins, since they are the ones most immediately impacted by the change - do they install the patch and deploy it immediately, or do they live with the current build until pending issues are fixed, etc.

    Plus, it instills trust. A veil of secrecy does not earn trust from your customers, nor does a vague "fixed misc. bugs and implemented misc. performance enhancements" because one is more inclined to not upgrade rather than proceed with it and possibly risk downtime.

    Of course I am saying this blindly, since the submitter did not specify what sort of software this is. Is it a server app? A commercial desktop app? Or is it a game or other entertainment software which is not mission-critical, where downtime can cost thousands to tends of thousands per hour?

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  5. Yes, POST change logs by mysidia · · Score: 5, Insightful

    It is one of the major criteria I look for in good software --- open communication from the developers about updates, and changes; active recent update history.

    Some of the most successful software companies such as Microsoft and VMware post detailed released notes that show bug fixes and improvements.

    Detailed changelogs are even better.

    If you are concerned about ridicule from a competitor -- you can probably point out the competitor hides their flaws by not posting detailed change logs.

    Another thing you can do that's less recommended -- is put the changelogs behind a click-through agreement. Require site visitors register to review them.

    Keep in mind it's not just customers that necessarily want to see documentation, release notes, and changelogs.

    When I am considering buying a software product I want, EXPECT, and demand to see on the product vendor's website: (1) Pricing, (2) Release notes, (3) Documentation, (4) Change logs, and (5) A trial version download, before I even talk to a salesperson.

    These are signs of a healthy well-marketed product, that will be around for years to come. If any of these are missing -- warning flags, or alarm bells are going off.

    If the software doesn't have readily accessible documentation, or notes on bugs --- does anyone use this software in the real world?? Is the documentation crap??; If I buy this product -- is it going to be a complex pile - have spending hours upon hours on the phone with their support, working out bugs at every corner just to get the product up and running with basic functionality?

    Will I need to make a phone call, to blow my nose with this software?

  6. Run away...now. by Anonymous Coward · · Score: 2, Insightful

    This is a boner move by your company. I've seen it happen before, and it's usually a sign of a failing company that fears reality.

    Perhaps there was a recent management change? If yes, this is a sign that you've got a cowboy coming in with guns a-blazing and thinks he knows how to run a software shop... GTFO, while the gettin's good.

  7. depends, but not most important thing by phantomfive · · Score: 2

    Different customers are going to feel differently, but in my experience doing releases, a different thing matters more.

    The key is to make sure that each release is an improvement over the previous release. If you do that, your customers will be happy, and won't worry much, as you build trust and confidence over time. In your situation, if a particular customer requests the change logs, I would give them, but a general release is not important.

    The real problems come when your releases break things. After an especially bad release, your customers might not be willing to upgrade for two or three years (see: Windows Vista). Make sure each release is better than the previous. That is crucial.

    --
    "First they came for the slanderers and i said nothing."
  8. Competition by gwgwgw · · Score: 2

    Does it have to be all or nothing?

    Our software supports the hardware so we don't feel any palpable, fierce competition since we always lag the hardware improvements and those get top billing. Our users are interested in knowing the changes that are meaningful to them.

    Since I use our change logs to significantly build our "brochure" touting reasons to upgrade, maybe you all can pare down change logs to the "best of the 1000" to say "20"... a list most can bother to go through.

    --
    That was Zen, this is Tao
  9. Fewer than 1000 by bill_mcgonigle · · Score: 3, Insightful

    Some OSS bug trackers have a 'relnote' field where people are to enter a release note if the owner feels it's something that ought to be communicated to the user.

    As a user, don't bother me with stuff that will never effect me (did you refactor a class? - great, but I don't need to know about it) or I won't need to look up (did you fix a CVE or a spelling mistake?) but do let me know about changes that will affect my workflow, will offer me an improved way of doing something, or should cause me to go revisit results I've generated in the past (i.e. you had a bug).

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  10. Externally meaningful changes by Mr+Z · · Score: 3, Insightful

    My employer produces a compiler tool chain for its products. Its release notes contain two major things:

    1. A list of major customer visible changes.
    2. A list of defects fixed

    The first represents our internal development efforts. It's written in terms of the actual features, how they affect our users, and how the users ought to use them. They are not written in terms of the series of commits that made the features happen. That would just be pointless.

    The second represents the defects fixed in this (and recent) releases, as pulled from the bug tracking system. If a customer filed a bug and we fixed that bug, that bug number and a brief description of the bug are in the release notes. Again, this is not tied to a commit stream that addressed the bug, but rather to defect reports that were closed by the release. Most of these defects come from external customers, but not all.

    What's not in there? All the internal churn that got us from point A to point B. We distill it down to what the externally meaningful changes are.

    Disclaimer: I am not on the team that produces the tool chain I described. I'm just a happy, internal customer of said tool-chain.

    --
    Program Intellivision!
  11. Compliance requirements by Todd+Knarr · · Score: 3, Informative

    From where I sit there's no question: for compliance reasons we must be able to detail exactly what is being changed when we install updates to software. If we can't, then we have to re-certify the software from scratch before it can be deployed which is a fairly tedious and time-consuming process. Having to do that with any regularity will find us looking for alternatives.

    As for a list of bug-fixes making your software look bad, remember this: I know exactly how long our unresolved-issues list is for every single bit of commercial software we use, and exactly how long some of those issues have been sitting there. That your software has bugs that needed fixed too isn't going to come as any great surprise to me. What will impress me is a) actually fixing problems, and b) being clear about what you're fixing or changing which minimizes the amount of work I get saddled with.

    1. Re:Compliance requirements by Eskarel · · Score: 2

      Your compliance process is wildly optimistic.

      Even if you had full source code and the change sets you wouldn't be able to guarantee no breaking changes. Either something is mission critical in which case it needs to be re-certified or it's not and it probably doesn't.

  12. Summarize by saleenS281 · · Score: 4, Insightful

    While it will take more work, posting EVERY change is completely unnecessary, and oftentimes unhelpful. The publicly released changelog should include human-readable summary's of bugfixes and new features. If a customer asks for more details about a bugfix, feel free to give them the unedited version as you see fit. A changelog should NOT be a git history. Information overload is oftentimes less helpful than nothing at all because someone may spend hours to days sifting through it all only to figure out what they were looking for isn't even there.

  13. Not exactly cloud, but kinda by rve · · Score: 5, Insightful

    We make a SaaS application. Every major release comes with a change log. Not the raw, unedited and complete change log TFA talks about, but a human readable, edited one of the form
    - feature we promised
    - change you asked for
    - other change you asked for
    - new surprise feature
    - UI improvement foo

    and finally....
    - numerous bug fixes

    Bugfix releases don't have a separate published change log. Instead, customers who reported a bug are notified directly when it has been fixed.

    This way it is useful for the customer. What the customer really wants to know is that they're not paying you for drinking coffee. They don't want information overload. A complete change log would only make sense to people who work with the code.

    1. Re:Not exactly cloud, but kinda by bwcbwc · · Score: 4, Insightful

      Those are called release notes.

      Unless it's an extremely specialized application that requires the customer to have expertise in a specialized field, most customers will be perfectly happy with release notes. The gritty details about changes are mostly needed for things like changes to an API, changes to an algorithm that affect calculations, etc.

      --
      We are the 198 proof..