On 04/18/2016 03:26 AM, Burton, Ross wrote:
> Hi,
>
> At the moment we don't really have a policy for oe-core bugs in
> bugzilla.yoctoproject.org that apply to multiple releases, for example
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=9400. This is a CVE bug
> that should be fixed in all supported branches, and indeed Sona has sent
> patches for Fido/Dizzy/Jethro/master. Of course now we've got to track
> where these patches are in the submission process and ensure that we don't
> drop any of these,
If the worry is about patches being left out than every change requires
a bug number and needs to be managed to ensure a clone is created for
any branch affected by the fix.
but bugzilla only has a single target milestone for each
> bug.
>
> I propose that for bugs such as this
we file a bug report for master and
> then clone it (there's a Clone This Bug button at the bottom) for each
> stable release that is affected.
This also means maintainers who cherry-pick fixes from another branch
would have to amend the commit to change the bug number. Do we really
want to add to the workload of the maintainers?
Then each bug can have it's own target
> milestone set and we can be sure that the patches don't get left out of
> being merged and that QA can effectively verify each branch.
>
> Any objection or feedback?
This is why I stopped opening Yocto Bugs. I would rather spend my time
fixing things than managing them.
- Armin
(the first person to suggest moving to Jira gets
> to manually review all CVEs from CVE-1999-0001 onwards are fixed in
> krogoth).
>
> Ross
>
>
>
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
