stable-patch-format: Update CVE number requirements #60
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tswhison
approved these changes
Feb 18, 2025
tswhison
left a comment
tswhison
left a comment
There was a problem hiding this comment.
This seems to affirm the common practice.
|
This is what we were doing for quite a while now. Considering the number of CVE patches that we review and apply internally, I think it's fair to make this change. |
AnneCYH
reviewed
Mar 3, 2025
| #. Every **CVE** patch **must** contain a line at the beginning of the commit | ||
| message that specifies the CVE number(s) related to the patch. This must be | ||
| the first part of the body of the comment. | ||
| #. Every **CVE** patch must contain a line just before your sign-off that |
Collaborator
There was a problem hiding this comment.
I don't particularly enjoy seeing a lot of bolded text in a single sentence; it distracts readers by emphasizing too many things.
But to keep things consistent I'm adding the bold back.
Suggested change
| #. Every **CVE** patch must contain a line just before your sign-off that | |
| #. Every **CVE** patch **must** contain a line just before your sign-off that |
AnneCYH
reviewed
Mar 3, 2025
| #. The cover letter **must** contain the same "BugLink" line as in the patches | ||
| themselves, when one is present. | ||
|
|
||
| #. CVE cover letters should have the CVE number as the subject. |
This changes the stable patch format docs to reflect how we currently submit CVE fixes to the mailing list. Signed-off-by: Ian Whitfield <[email protected]>
Contributor
Author
|
Applied changed from @AnneCYH, thanks for reviewing! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This changes the stable patch format docs to reflect how we currently submit CVE fixes to the mailing list.
Please let me know your thoughts, wanted to get a PR started because this section of the docs seems to be at odds with how we currently work. Happy to change it as long as we agree on the right way to do it.