Add "Misc/NEWS.d" directory tree for "blurb".

[larryhastings]

CPython workflow is changing! We're going to start using "blurb"
to manage Misc/NEWS entries:
https://github.com/python/core-workflow
(This will be a big win for release managers, honest.)

This checkin simply populates the "Misc/NEWS.d" subdirectory tree
so that people can start putting their news entries in there.
No other changes (yet).

[brettcannon]

Should the files be .rst files so that we can eventually add a link back to blurb that renders appropriately when people look in the directory through the GitHub UI?

[brettcannon]

And I think @Haypo once asked for a Security/ subdirectory.

[vstinner]

Yes, I would like to group all security issues to ease the work of vendors like Linux distributions who backports fixes in older versions.

[larryhastings]

Please make up your mind about "Security". Right now "Security" is a metadata tag applied to news entries in any category. There are about a half-dozen Misc/NEWS entries that have "[Security]" in the text; and I turn that into the "Security" tag. I don't do anything with the tag yet, but the metadata is there and I figured we could bikeshed how to present it later (e.g. prepend/append the word "security" to the text somewhere, with a link to... somewhere.) And yes this isn't documented yet.

As for making them .rst files--who would see that as rendered hypertext? Would GitHub automatically render it if you browse into that directory when viewing cpython source?

[brettcannon]

@larryhastings ah, then if that's already implemented then let's try that to start and we can change later if necessary.

As for who will see the rendered hypertext, when you visit in the future e.g. https://github.com/python/cpython/tree/master/Misc.d/Library then you would see the README rendered as the text below the file list (just like at https://github.com/python/cpython/tree/master/Misc you see the plain text README).

[vstinner]

Please make up your mind about "Security". Right now "Security" is a metadata tag applied to news entries in any category.

I would like to stop using "[Security]" "tag" on NEWS entries, but instead put all security entries in a new section without this tag. Example:

Security
========

* bpo-123456: Fix super critical vulnerabilty

[larryhastings]

@Haypo: What would you like me to do with the existing entries with the security tag? Remove it, and instead change those entries to be in the new "Security" category?

@brettcannon: Do you defer to Victor? (Victor: I'm gonna do what Brett tells me to.)

[vstinner]

@Haypo: What would you like me to do with the existing entries with the security tag? Remove it, and instead change those entries to be in the new "Security" category?

If it's not too hard, please move existing entries to a new Security category.

Otherwise, it's also fine to leave existing entries unchanged: keep the [Security] prefix.

[larryhastings]

It's not hard to move them to a new "Security" category. It's all a big hack anyway, what's one more!

If you like, I can tag you on the PRs when I actually break Misc/NEWS up into separate files, so you can check over the stuff that gets auto-tagged as Security.

I actually wouldn't mind if you recategorize existing news entries anyway. But, please, no hacking up Misc/NEWS for now--if you want to change the existing news entries, please wait until after my "blurb split" is checked in. My Misc/NEWS parser is mildly fragile, and incautious people keep adding novel (and invalid!) formatting and forcing me to hack up my parser to match.

[vstinner]

If it will be easier to recategorize changes after the conversion, sure, I will wait until you are done. And yes, I consider that it would be worth it. I'm trying to better track security fixes, so I also looked at past fixes, not only new ones. For example, I noticed that the fix for Sweet32 wasn't categorized as related to Security, wheras it is. See for example the commit fa53dbd in the 3.4 branch. I would be interested to recategorize this specific NEWS entry.

[larryhastings]

It'll be an easy change to make once I convert Misc/NEWS into the blurb data format.

The plan is, once this PR is accepted (and one very similar PR for each of the other open branches), we'll wait a week to give the active PRs a chance to land, then I'll convert all the open branches over to blurb all at once. After that, i invite you to make all the changes you see fit.

[brettcannon]

@larryhastings I hereby defer to @Haypo on how to categorize. 😄 So I guess add the directory now and then we can move stuff around in a separate PR later.

[larryhastings]

I've added a directory for the "Security" category. For what it's worth, it's now the first category, in front of "Core and Builtins", as befitting its importance. I've also changed the README.txt files for README.rst files.

[brettcannon]

LGTM!