From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH 0/1] Gst-plugins-good security update Date: Sat, 26 Nov 2016 12:54:17 -0500 Message-ID: <20161126175417.GA30134@jasmine> References: <87fumehbe5.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="J/dobhs11T7y2rNN" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54007) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cAhBA-0004ko-3b for guix-devel@gnu.org; Sat, 26 Nov 2016 12:54:25 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cAhB7-0004hL-15 for guix-devel@gnu.org; Sat, 26 Nov 2016 12:54:24 -0500 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:46762) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cAhB6-0004hC-SZ for guix-devel@gnu.org; Sat, 26 Nov 2016 12:54:20 -0500 Content-Disposition: inline In-Reply-To: <87fumehbe5.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Marius Bakke Cc: guix-devel@gnu.org --J/dobhs11T7y2rNN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Nov 26, 2016 at 09:51:30AM +0100, Marius Bakke wrote: > Leo Famulari writes: > > The CVE bug fixes are not split into discrete patches, so it doesn't > > work to make patches for each CVE ID, like we normally do. > > > > Is this approach (concatenating the patches) okay? >=20 > I prefer having them separately, so the upstream commit can be clearly > referenced in the patch header; and they can be reviewed and modified > independently. >=20 > In this instance it's okay, since I just checked out the 1.10 branch and > concatenated the four commits and ended up with the same patch :-) >=20 > That's not to say it should not be allowed. I think this approach is > fine for long patch series, but at only four patches it's not the best > precedent. I wondered how to split the patches up here. I don't know how to name the first two patches, since the CVE bug fixes are spread between them. I'll break the 3 and 4th patch off into their own files. --J/dobhs11T7y2rNN Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlg5zEkACgkQJkb6MLrK fwhjSQ//V5XPqR0O0dlDYnE5UE84BVGRJtcFi90zOXsNPIpaO+HYWg5UXrODmu0v O8HPqVIOVfaPEOrN4sg3ZuGQ0kfihJBlXxjjutrbL6sUqaxEWykUdWUo+JKKzM4o sziUj09d3Nhkb7TmmT7sefID23lP2E5+7zB1yISFYUPWhmA5rOu9QN2ko0r85qxs 1lKe3hmYnhfbTk3NL1uLcE0xP+wHNB7OHtp41jLrXj44hb/6ShTlR/m7jOW7P1rM 8pMXPOoRFd2abrtPjBY40Ewwn+XS3MWMGjyL5nNBgqh8vxS4l4j/RpZxUCWjfTRl //7FoZSh1vp8MveoPSugP+9Pxic400zIGaImymDiecn1NlEbvmTLS3PipgJqVHxC 1v7TR1snmgo/A7pKsUvIcixHtimMU5gvp7Tc6HXaetn3dmuZVC3g27H1CyRZ207H 1BvMSG/uN2GP6T1OkARrzUpymyZUiC0plbGy3iQQGZ7GCYny7L1NpS+jbKmwEfmm Y8dqVe4LK8Gzm6ITXdXeesoWvnrmYRmT++YPURGiB654FPkPgqDayaDB73+6fFgS 1cjCWDQusb5q3J3VWj0m0KVptDlG6VXOeX0pogR/ofsY+uzRIzYyvWCu0fAJvYYj jLO6uENILWGVM3W44Kms7pzBEpDpiKB7RAjjSlNe2Ly8S5G8hds= =R+w4 -----END PGP SIGNATURE----- --J/dobhs11T7y2rNN--