canmove, Confirmed users
4,854
edits
Security/Bug Approval Process: Difference between revisions
Security/Bug Approval Process (view source)
Revision as of 23:58, 17 February 2017
, 17 February 2017→Pushing to Try
(Adding security bug best practices) |
m (→Pushing to Try) |
||
| Line 69: | Line 69: | ||
==Pushing to Try== | ==Pushing to Try== | ||
* Do not push to Try servers if possible. | * Do not push to Try servers if possible. | ||
** Pushing to Try servers exposes the security issues for these critical and high rated bugs to public viewing. In an ideal case, testing of patches is done locally before final check-in to mozilla-central. | |||
* If pushing to Try servers is necessary, do not include tests in the push as the tests can illustrate the exact nature of the security problem frequently. | * If pushing to Try servers is necessary, do not include tests in the push as the tests can illustrate the exact nature of the security problem frequently. | ||
* If you must push to Try servers, with or without tests, try to obfuscate what this patch is for. Either push it with other, non-security work, in the same area or, at the very least, do not mention the hidden security bug anywhere. | * If you must push to Try servers, with or without tests, try to obfuscate what this patch is for. Either push it with other, non-security work, in the same area or, at the very least, do not mention the hidden security bug anywhere. | ||