Security/Firefox/Security Bug Life Cycle: Difference between revisions

m
reformatting
m (reformatting)
Line 90: Line 90:
Testcases for vulnerability fixes should be split into a separate patch for this "sec-approval" process. These testcases should land ''after'' we have shipped the fix in Release, usually by a few weeks to give users time to have applied the update. We '''must''' track the task of landing these patches later. You have two main options and either is fine. A task bug is more upfront work but more straightforward; the flag is easy but requires more follow-up.
Testcases for vulnerability fixes should be split into a separate patch for this "sec-approval" process. These testcases should land ''after'' we have shipped the fix in Release, usually by a few weeks to give users time to have applied the update. We '''must''' track the task of landing these patches later. You have two main options and either is fine. A task bug is more upfront work but more straightforward; the flag is easy but requires more follow-up.


# Create a task bug assigned to yourself ("Land tests for bug XXXX") that depends on the vulnerability bug. It must be a hidden security bug like the main vulnerability. Add the keyword '''sec-other'''
:'''Option 1:''' Create a task bug assigned to yourself ("Land tests for bug XXXX") that depends on the vulnerability bug. It must be a hidden security bug like the main vulnerability. Add the keyword <code>sec-other</code>
# Or, track it in the original bug using the '''in-testsuite?''' flag. If you go this route you must remember to check for un-landed tests (queries below). Once the tests are landed change the flag to '''in-testsuite+'''.
 
:'''Option 2:''' Track it in the original bug using the <code>in-testsuite?</code> flag. If you go this route you must remember to check for un-landed tests (queries below). Once the tests are landed change the flag to <code>in-testsuite+</code>




[https://bugzilla.mozilla.org/buglist.cgi?quicksearch=FIX%20flag%3Ain-testsuite%3F%20kw%3Asec-%20assignee%3A%25user%25 '''"My" security testcases that need landing'''] (personalized)<br>
[https://bugzilla.mozilla.org/buglist.cgi?quicksearch=FIX%20flag%3Ain-testsuite%3F%20kw%3Asec-%20assignee%3A%25user%25 '''"My" security testcases that need landing'''] (personalized)<br>
[https://bugzilla.mozilla.org/buglist.cgi?quicksearch=FIX%20flag%3Ain-testsuite%3F%20kw%3Asec-&limit=0&order=cf_last_resolved '''All unlanded testcases for fixed security bugs''']<br>
[https://bugzilla.mozilla.org/buglist.cgi?quicksearch=FIX%20flag%3Ain-testsuite%3F%20kw%3Asec-&limit=0&order=cf_last_resolved '''All unlanded testcases for fixed security bugs''']<br>
[https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20sec-approval%3F '''Pending sec-approval requests''']<br>
[https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20sec-approval%3F '''Pending sec-approval requests''']
<br>
<br>
<br>
<br>
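Review bot: The new Option 2 line drops the full stop that the old text had after in-testsuite+, and the Option 1 line still ends without one after sec-other; end both with a period so the two options read as complete sentences. The separator between the two options is a line holding only a space rather than a truly empty line, and the query links are now followed by a run of bare <br> lines; an empty line and a single paragraph break would give the same spacing with less markup. The move from '''bold''' to <code> for sec-other, in-testsuite? and in-testsuite+ is a good call since these are literal Bugzilla values, but the link labels below still write sec-approval in plain bold, so it is worth checking that the rest of the page marks keywords and flags the same way.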