09.10.2012, 20:59, "Richard Moore" <[email protected]>: > On 9 October 2012 09:21, Marc Mutz <[email protected]> wrote: > >> Hi Rich, >> >> Thanks for taking the time to write this up. I have but one question: >> >> On Monday October 8 2012, Richard Moore wrote: >>> * Where possible packagers should be informed directly of which SHA1s they >>> should cherry pick in order to get a security fix. >> What process do you recommend to prevent the Gerrit review of the patch (a >> necessary precondition for obtaining a final SHA1 of the commit) from >> (prematurely) disclosing the vulnerability? > > That's a real problem I agree. There's some discussion on the topic here: > https://bugs.launchpad.net/openstack-ci/+bug/902052
Launchpad is certainly wrong place to discuss this topic. It should be submitted as feature request to Gerrit. -- Regards, Konstantin _______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
