[QA] [Ops] security patches handling
Chad Horohoe
chorohoe at wikimedia.org
Wed Jan 25 22:22:15 UTC 2017
On Wed, Jan 25, 2017 at 2:08 PM Alex Monk <krenair at gmail.com> wrote:
> On 25 January 2017 at 22:00, Stas Malyshev <smalyshev at wikimedia.org>
> wrote:
>
> > - Using merges/shared git history between deployment branches instead
> > of patchfiles would probably simplify a lot of this, needs further
> thinking
> > through though
>
> I think if we could have private/restricted access branches instead of
> plain files that might be more helpful. Is it feasible?
>
>
> I don't think we really allow private things like that in Gerrit. I'm also
> not convinced it would be particularly helpful.
>
Indeed, I don't trust branch-level read permissions. I'm sure there's other
options though :)
Right now I'm thinking something like having a new branch on tin clone from
the previous
branch so we can just merge or cherry-pick them on top of the new branch.
Should help
git figure out a little better how to merge (more context). Would also help
us know more
immediately "this has already been patched in master, skip it"
-Chad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/qa/attachments/20170125/887e3705/attachment-0001.html>
More information about the QA
mailing list