Joseph Wu created MESOS-7802: -------------------------------- Summary: Push-commits.py support script is too lenient when determining reviews to close Key: MESOS-7802 URL: https://issues.apache.org/jira/browse/MESOS-7802 Project: Mesos Issue Type: Bug Reporter: Joseph Wu Priority: Minor
The support script {{support/push-commits.py}} can be used by committers to push commits and simultaneously close reviews. However, it is currently quite easy to trick the script into closing unrelated reviews. For example, if you have a commit message like: {code} Referring to multiple reviews in one commit message. Review: https://reviews.apache.org/r/1/ Review: https://reviews.apache.org/r/2/ Review: https://reviews.apache.org/r/3/ Review: https://reviews.apache.org/r/4/ {code} The script will do this: {code} $ support/push-commits.py --dry-run Found reviews ['1', '2', '3', '4'] Pushing commits to apache Closing review 1 Closing review 2 Closing review 3 Closing review 4 {code} It is possible for this to happen non-maliciously, if the contributor's review description merely refers to another review in the same format. -- This message was sent by Atlassian JIRA (v6.4.14#64029)