I thought there was an issue for this but can't find it. I'm opening this in the QWG repo because it needs to be discussed before getting into schema change details.
When a CVE ID/Record is rejected, the schema is changed and the Record content is lost to history. This is a bad idea; the Program is losing information. I appreciate that the Program has decided that the lost information was incorrect (not a vulnerability, a duplicate, some other sort of assignment error), but after rejection, it's pretty hard to remember why the rejection happened. Negative examples are informative. In addition to changing state/status, we're actively deleting information. I suspect this behavior is rooted in Program history, when IDs were limited and the data and presentation boundaries of Records were even more blurred.
Maybe the type of or reason for rejection matters, e.g., rejecting because of a clear duplicate may not lose information, or much information, if the content is merged when rejecting. But it's cleaner and simpler to simply not remove Record content when rejecting.
A web site, like cve.org, could choose to present rejected records in a way that hides or minimizes the rejected content. But let's stop deleting the content.