Ehoogeveen (talk | contribs) No edit summary |
Line 22: | Line 22: | ||
If you have a patch and the bug is a hidden core-security bug with no rating then either: | If you have a patch and the bug is a hidden core-security bug with no rating then either: | ||
#request sec-approval (to be safe) and wait for a rating, <br> | # request sec-approval (to be safe) and wait for a rating, <br>'''OR''' | ||
# rate it following the and then proceed according to whether the bug is low/moderate or high/critical as above. | # rate it following the [[Security_Severity_Ratings]] and then proceed according to whether the bug is low/moderate or high/critical as above. | ||
If developers are unsure about a bug and it has a patch ready, just mark the sec-approval flag to '?' and move on. Don't overthink it! | If developers are unsure about a bug and it has a patch ready, just mark the sec-approval flag to '?' and move on. Don't overthink it! | ||
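Review bot: In the first list item, the added '''OR''' sits after a <br> inside item 1 of a numbered (#) list, so it is rendered as part of the first option, and the numbering still reads as a sequence even though the lead-in says "either". Consider switching both items to a bulleted (*) list, or putting '''OR''' on its own indented line between the two items, so the two choices read as alternatives.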
Line 44: | Line 44: | ||
: How likely is this patch to cause regressions; how much testing does it need? | : How likely is this patch to cause regressions; how much testing does it need? | ||
This is similar to ESR approval nomination form and is meant to help us evaluate the risks around approving the patch for checkin. | This is similar to the ESR approval nomination form and is meant to help us evaluate the risks around approving the patch for checkin. | ||
When the bug is approved for landing, the sec-approval flag will be set to '+' with a comment from the approver to land the patch. At that point, land it. | When the bug is approved for landing, the sec-approval flag will be set to '+' with a comment from the approver to land the patch. At that point, land it. |