[
https://ovirt-jira.atlassian.net/browse/OVIRT-2078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=36861#comment-36861
]
sbonazzo commented on OVIRT-2078:
---------------------------------
User story:
A researcher find a vulnerability in one of the oVirt packages.
A CVE is opened and an embargo date is acknowledged between researcher, oVirt
package maintainer and downstream vendors.
Between report and embargo date, oVirt package maintainer must be able to push
a patch to gerrit as a private patch, getting it reviewed by a restricted
number of people and get it ready for being merged immediately on embargo lift,
when the vulnerability will be disclosed to public, in order to issue an
immediate release right after the merge.
> Check option for private changes on Gerrit
> ------------------------------------------
>
> Key: OVIRT-2078
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2078
> Project: oVirt - virtualization made easy
> Issue Type: Task
> Reporter: eyal edri
> Assignee: infra
> Priority: High
>
> We need an option sometimes to post private changes ( not draft ) to Gerrit,
> Gerrit has support for private changes [1], we should check if its available
> in current version.
> [1]
> https://gerrit-review.googlesource.com/Documentation/intro-user.html#private-changes
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100087)
_______________________________________________
Infra mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/[email protected]/message/3Y6QWP3PABWUOUNNOX4SGIBJEDAMUCFL/
