On 17 August 2015 at 15:59, Jeremy Stanley <[email protected]> wrote: > On 2015-08-17 15:46:24 +0200 (+0200), Thierry Carrez wrote: > [...] >> OSSA: <YYYY-ZZZ> >> For commits that correspond to vulnerability fixes. > [...] > > I don't think that's going to be feasible. Consider the sequence > with a public security vulnerability... often the OSSA number isn't > assigned until after one or more backports have been approved. With > some careful controls introduced into the VMT process we may be able > to make sure most of these get updated commit messages before they > merge, but would still need a plan to solve for the times when > backported security fixes slip in without an OSSA header in the > commit message.
Maybe this is a perfect use-case for git-notes? This means the commit itself isn't touched and the non-scale git-tag space isn't wasted? -- Kind Regards, Dave Walker __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
