[Qemu-devel] [PATCH] Add git-publish profile for security bugs

Gerd Hoffmann posted 1 patch 4 years, 7 months ago
Test FreeBSD passed
Test docker-mingw@fedora passed
Test asan passed
Test docker-clang@ubuntu passed
Test checkpatch passed
Test s390x failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20190812071212.24551-1-kraxel@redhat.com
There is a newer version of this series
.gitpublish | 11 +++++++++++
1 file changed, 11 insertions(+)
[Qemu-devel] [PATCH] Add git-publish profile for security bugs
Posted by Gerd Hoffmann 4 years, 7 months ago
Simplifies sending security patches to all people listed in
https://wiki.qemu.org/SecurityProcess.  Should also make it
harder to send a copy to the mailing list by accident.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 .gitpublish | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.gitpublish b/.gitpublish
index a13f8c7c0ecd..55750c45ed89 100644
--- a/.gitpublish
+++ b/.gitpublish
@@ -49,3 +49,14 @@ base = master
 to = qemu-devel@nongnu.org
 cc = qemu-ppc@nongnu.org
 cccmd = scripts/get_maintainer.pl --noroles --norolestats --nogit --nogit-fallback 2>/dev/null
+
+# https://wiki.qemu.org/SecurityProcess
+[gitpublishprofile "security"]
+base = master
+to = mst@redhat.com
+to = pmatouse@redhat.com
+to = sstabellini@kernel.org
+to = secalert@redhat.com
+to = mdroth@linux.vnet.ibm.com
+to = pjp@redhat.com
+suppresscc = all
-- 
2.18.1


Re: [Qemu-devel] [PATCH] Add git-publish profile for security bugs
Posted by John Snow 4 years, 7 months ago

On 8/12/19 3:12 AM, Gerd Hoffmann wrote:
> Simplifies sending security patches to all people listed in
> https://wiki.qemu.org/SecurityProcess.  Should also make it
> harder to send a copy to the mailing list by accident.
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  .gitpublish | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/.gitpublish b/.gitpublish
> index a13f8c7c0ecd..55750c45ed89 100644
> --- a/.gitpublish
> +++ b/.gitpublish
> @@ -49,3 +49,14 @@ base = master
>  to = qemu-devel@nongnu.org
>  cc = qemu-ppc@nongnu.org
>  cccmd = scripts/get_maintainer.pl --noroles --norolestats --nogit --nogit-fallback 2>/dev/null
> +
> +# https://wiki.qemu.org/SecurityProcess
> +[gitpublishprofile "security"]
> +base = master
> +to = mst@redhat.com
> +to = pmatouse@redhat.com
> +to = sstabellini@kernel.org
> +to = secalert@redhat.com
> +to = mdroth@linux.vnet.ibm.com
> +to = pjp@redhat.com
> +suppresscc = all
> 

Should we force inspect-emails = true here due to the nature of the
security list? That way if we accidentally add extra CCs/etc there's a
chance to review 'em.

Also, should we update MAINTAINERS to match this script?

Responsible Disclosure, Reporting Security Issues
-------------------------------------------------
W: https://wiki.qemu.org/SecurityProcess
M: Michael S. Tsirkin <mst@redhat.com>
L: secalert@redhat.com


With perhaps a footnote encouraging anyone changing this section to also
update the git-publish script and vice-versa?

--js

Re: [Qemu-devel] [PATCH] Add git-publish profile for security bugs
Posted by Gerd Hoffmann 4 years, 7 months ago
> > +# https://wiki.qemu.org/SecurityProcess
> > +[gitpublishprofile "security"]
> > +base = master
> > +to = mst@redhat.com
> > +to = pmatouse@redhat.com
> > +to = sstabellini@kernel.org
> > +to = secalert@redhat.com
> > +to = mdroth@linux.vnet.ibm.com
> > +to = pjp@redhat.com
> > +suppresscc = all
> > 
> 
> Should we force inspect-emails = true here due to the nature of the
> security list? That way if we accidentally add extra CCs/etc there's a
> chance to review 'em.

That makes sense indeed.

> Also, should we update MAINTAINERS to match this script?
> 
> Responsible Disclosure, Reporting Security Issues
> -------------------------------------------------
> W: https://wiki.qemu.org/SecurityProcess
> M: Michael S. Tsirkin <mst@redhat.com>
> L: secalert@redhat.com

Hmm, good question.  I took the list of addresses from the
SecurityProcess page.  Not sure why MAINTAINERS is not in sync even
though it links the page.  Is that intentional or just an oversight?

[ Cc'ing mst ]

cheers,
  Gerd