Re: [webkit-dev] rolling out a buggy security patch

2013-03-18 Thread Gustavo Noronha Silva
On Ter, 2013-03-12 at 02:26 -0700, Maciej Stachowiak wrote: > I am still curious who has access to the commit bot's bugzilla > account. Is a small set of known people, is it a large set, is the > password sitting around somewhere that others may get at it? I do not > recall this being answered at

Re: [webkit-dev] rolling out a buggy security patch

2013-03-12 Thread Geoffrey Garen
> Unfortunately rolling out isn't possible with sheriffbot. And I > don't think if I have authorization for rolling out a security fix > without review irrespectively of its goodness/buginess. It looks like the necessary review took just under 13 minutes: > Comment #1 From Csaba Osztrogonac 2013

Re: [webkit-dev] rolling out a buggy security patch

2013-03-12 Thread Osztrogonác Csaba
Maciej Stachowiak írta: On Tue, Oct 19, 2010 at 6:16 PM, Maciej Stachowiak > wrote: The commit bot is not a person and therefore can't agree to the security group policy, as required for security group membership. If a specific person or persons want to take responsibili

Re: [webkit-dev] rolling out a buggy security patch

2013-03-12 Thread Adam Barth
On Tue, Mar 12, 2013 at 2:26 AM, Maciej Stachowiak wrote: > > On Mar 12, 2013, at 1:48 AM, Adam Barth wrote: > > On Tue, Mar 12, 2013 at 1:36 AM, Osztrogonác Csaba > wrote: > > But my question is still open about how can we avoid similar > problems in the future. Why can't we let the EWS bots t

Re: [webkit-dev] rolling out a buggy security patch

2013-03-12 Thread Maciej Stachowiak
On Mar 12, 2013, at 1:48 AM, Adam Barth wrote: > On Tue, Mar 12, 2013 at 1:36 AM, Osztrogonác Csaba > wrote: >> But my question is still open about how can we avoid similar >> problems in the future. Why can't we let the EWS bots to >> build and test security patches before commit. > > This t

Re: [webkit-dev] rolling out a buggy security patch

2013-03-12 Thread Adam Barth
On Tue, Mar 12, 2013 at 1:36 AM, Osztrogonác Csaba wrote: > But my question is still open about how can we avoid similar > problems in the future. Why can't we let the EWS bots to > build and test security patches before commit. This topic was discussed on the webkit-security mailing list in May

Re: [webkit-dev] rolling out a buggy security patch

2013-03-12 Thread Ryosuke Niwa
It seems like Oliver has already r+ed the patch. I wish we had a better way of dealing with regressions from security bug fixes. In theory, sheriffbot should be able to roll out security bug fixes without having to access the original bug. - R. Niwa On Tue, Mar 12, 2013 at 1:15 AM, Osztrogonác C

Re: [webkit-dev] rolling out a buggy security patch

2013-03-12 Thread Osztrogonác Csaba
Hi, Rollout patch was already r+ -ed, thanks for the quick r+. But my question is still open about how can we avoid similar problems in the future. Why can't we let the EWS bots to build and test security patches before commit. br, Ossy Osztrogonác Csaba írta: https://trac.webkit.org/changese

[webkit-dev] rolling out a buggy security patch

2013-03-12 Thread Osztrogonác Csaba
Hi All, https://trac.webkit.org/changeset/145482 which is a security fix, broke 33 JSC tests and made zillion layout test timeout on all platform. (It seems the author forgot to run tests at least on his own platform and watching the bots after landing.) It made bots early exit and very long tes