[QA] [Ops] security patches handling

Chad Horohoe chorohoe at wikimedia.org
Wed Jan 25 22:22:15 UTC 2017

On Wed, Jan 25, 2017 at 2:08 PM Alex Monk <krenair at gmail.com> wrote:

> On 25 January 2017 at 22:00, Stas Malyshev <smalyshev at wikimedia.org>
> wrote:
> > - Using merges/shared git history between deployment branches instead
> > of patchfiles would probably simplify a lot of this, needs further
> thinking
> > through though
> I think if we could have private/restricted access branches instead of
> plain files that might be more helpful. Is it feasible?
> I don't think we really allow private things like that in Gerrit. I'm also
> not convinced it would be particularly helpful.

Indeed, I don't trust branch-level read permissions. I'm sure there's other
options though :)

Right now I'm thinking something like having a new branch on tin clone from
the previous
branch so we can just merge or cherry-pick them on top of the new branch.
Should help
git figure out a little better how to merge (more context). Would also help
us know more
immediately "this has already been patched in master, skip it"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/qa/attachments/20170125/887e3705/attachment-0001.html>

More information about the QA mailing list