From: "Ludovic Courtès" <ludo@gnu.org>
To: Christopher Baines <mail@cbaines.net>
Cc: 48696@debbugs.gnu.org
Subject: [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation
Date: Fri, 11 Jun 2021 16:05:06 +0200 [thread overview]
Message-ID: <87lf7g7azx.fsf@gnu.org> (raw)
In-Reply-To: <87bl8gtpxk.fsf@cbaines.net> (Christopher Baines's message of "Tue, 08 Jun 2021 15:02:31 +0100")
Hi Chris,
Christopher Baines <mail@cbaines.net> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
[...]
>> @subsection Addressing Issues
>>
>> Peer review (@pxref{Submitting Patches}) and tools such as
>> @command{guix lint} (@pxref{Invoking guix lint}) and the test suite
>> (@pxref{Running the Test Suite}) should catch issues before they are
>> pushed. Yet, commits that ``break'' functionality might occasionally
>> go through. When that happens, there are two priorities: mitigating
>> the impact, and understanding what happened to reduce the chance of
>> similar incidents in the future. The responsibility for both these
>> things primarily lies with those involved, but like everything this is
>> a group effort.
>>
>> Some issues can directly affect all users---for instance because they
>> make @command{guix pull} fail or break core functionality, because they
>> break major packages (at build time or run time), or because they
>> introduce known security vulnerabilities.
>
> I'm not sure what this paragraph is getting at?
It’s supposed to be provide concrete guidance to a committer wondering
whether they can/should/are entitled to revert a given commit.
> In any case, for security vulnerabilities, to affect all users they
> would also have to occur in major packages.
Agreed. The word “known” is important here: if I remove *-CVE-*.patch,
or if I downgrade a package, I’m likely introducing a “known”
vulnerability; if I’m adding a new package that later happens to be
vulnerable, it’s not a “known” vulnerability (it’s just routine ;-)).
> I think the above text looks good. As noted above, I'm unsure about the
> second paragraph, but that's not a big issue.
OK, thanks for taking the time to discuss it. I’ll send a v2 so
everyone gets a chance to chime in.
Ludo’.
next prev parent reply other threads:[~2021-06-11 14:06 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-27 12:32 [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
2021-05-27 12:35 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Ludovic Courtès
2021-05-27 12:35 ` [bug#48696] [PATCH 2/3] doc: Add "Addressing Mistakes" section Ludovic Courtès
2021-05-27 19:19 ` Christopher Baines
2021-05-29 10:22 ` Ludovic Courtès
2021-05-30 10:29 ` Christopher Baines
2021-06-02 9:22 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
2021-06-08 14:02 ` Christopher Baines
2021-06-11 14:05 ` Ludovic Courtès [this message]
2021-06-13 10:15 ` [bug#48696] [PATCH v2 0/4] " Ludovic Courtès
2021-06-13 10:15 ` [bug#48696] [PATCH v2 1/4] doc: Structure the "Commit Access" section Ludovic Courtès
2021-06-13 11:50 ` Xinglu Chen
2021-06-13 11:56 ` Xinglu Chen
2021-06-13 10:15 ` [bug#48696] [PATCH v2 2/4] doc: Add "Addressing Issues" section Ludovic Courtès
2021-06-13 10:15 ` [bug#48696] [PATCH v2 3/4] doc: Explain more reasons for commit revocation Ludovic Courtès
2021-06-13 10:15 ` [bug#48696] [PATCH v2 4/4] doc: Clarify Git commit signing; fix typo Ludovic Courtès
2021-06-18 12:37 ` bug#48696: [PATCH 0/3] Documenting commit reverts and revocation Ludovic Courtès
2021-05-27 12:35 ` [bug#48696] [PATCH 3/3] doc: Explain more reasons for commit revocation Ludovic Courtès
2021-05-27 19:13 ` Maxime Devos
2021-05-27 20:07 ` Christopher Baines
2021-05-29 9:58 ` Ludovic Courtès
2021-05-29 11:28 ` Christopher Baines
2021-05-29 20:36 ` Ludovic Courtès
2021-05-27 13:55 ` [bug#48696] [PATCH 1/3] doc: Structure the "Commit Access" section Julien Lepiller
2021-05-29 9:30 ` Ludovic Courtès
2021-05-27 19:10 ` Maxime Devos
2021-05-27 14:16 ` [bug#48696] [PATCH 0/3] Documenting commit reverts and revocation Leo Famulari
2021-05-30 12:49 ` Tobias Geerinckx-Rice via Guix-patches via
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87lf7g7azx.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=48696@debbugs.gnu.org \
--cc=mail@cbaines.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.