On Fri, Oct 2, 2020 at 09:43, Jonathan Bedard <jbed...@apple.com> wrote:
The biggest blocker we are aware of is managing security bugs, since the security advisory system used by GitHub is essentially the opposite of how WebKit security bugs work. Moving to GitHub Issues, if it happens, will be the last part of this transition, and we are interested in soliciting feedback from our contributors on what the WebKit project’s integration with GitHub Issues should look like.

I don't think we need much integration to use the issue tracker? Once we migrate existing bugs from WebKit Bugzilla, we can use it as we would any other issue tracker? Why would it require integration?

We might need to use a separate repository with more limited permissions to handle security reports. At least in GitLab, all project developers (committers) have access to all confidential issues. I'm not sure about GitHub, but I assume it would be the same.

What will require integration is pull request merges. If we want to maintain linear version history, we will want a merge bot. On GNOME GitLab, we have a large number of smaller projects and it's we don't need them, but for a one huge project like WebKit there will be too many conflicts otherwise, because every commit going into the main branch will require all other pull requests to be rebased. A merge bot -- e.g. [1] -- will handle that for us. (Not sure what merge bots are common on GitHub. )


[1] https://gitlab.com/fsdk-marge-bot

webkit-dev mailing list

Reply via email to