Avoiding Future Security Bug Regressions
Frédéric Buclin
lpsolit at gmail.com
Wed Feb 4 23:09:07 UTC 2009
On 04. 02. 09 23:23, Max Kanat-Alexander wrote:
> I see two causes for this:
>
> 1) Many invasive security bugs were checked in at
> once immediately before a release.
The number of security bugs has nothing to do here. We could have
checked in only one and still triggered the problems reported.
> If there is no objection, I will write these up on the
> Wiki and they will become the official policy of the Bugzilla
> Project by Wednesday of next week.
There is an objection: I don't want this policy to be written in rock.
What you suggest wouldn't have prevented the regressions from occurring, and
bmo is probably not going to be upgraded all the time to test a security
patch. It's the role of the patch author and of the reviewer to test
patches as well as possible, which we did.
Also, I think this kind of discussion should first take place elsewhere
before being posted here.
LpSolit