Mailinglist Archive: opensuse-factory (443 mails)

< Previous Next >
Re: [opensuse-factory] Re: please someone help with SR#711379
Hello,

Am Dienstag, 2. Juli 2019, 10:34:15 CEST schrieb Richard Brown:
Simon is talking about the fact that in addition to the patch itself,
the motivation for the patch (such as the CVE#/BOO#/BSC# etc) needs to
be tracked also.
https://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Patch_ma
rkup_.28also_called_.22Tagging_patches.22.29

And as smart as any automated tool could be, I'm pretty sure it's not
going to be able to read the mind of the contributors to know which
bug/security ID was the motivation for adding a patch.

That's not a reason to force packagers to do everything manually ;-)

Nobody said that the changelog should be written completely
automatically (would be perfect, but I'm afraid AI didn't go that far
yet).

Nevertheless, "osc vc" could pre-populate the changelog with added,
removed and changed patches (saving the packager copy&paste from "osc
status"), like it already pre-populates the line with the packager's
mail address and the timestamp.

"osc vc" could generate something like this:

-------------------------------------------------------------------
Tue Jul 2 18:34:03 UTC 2019 - Pack Ager <packager@xxxxxxxxxxx>

-

- added fix-foo patch
- removed whatever.patch
- updated another.patch

-------------------------------------------------------------------

The packager can/should then still edit these lines, for example move
the patch names to related hand-written comments and/or add bug and CVE
references.

(In theory, a packager can also edit the autogenerated line with the
mail address and timestamp, for example if nobody should see that you
package after midnight ;-)

Automatically handling the removal of the patch should be relatively
easier though - assuming the ID is already present the tooling could
actually look up the Bug ID and confirm whether or not the bug is
closed before allowing the removal of the patch from the specfile -
and that could be a nice improvement that'll stop tons of fixed bugs
being left open when maintainers forget to close them ;)

I'd hope that _adding_ (not removing) a patch is meant to fix a bug ;-)

When removing patches, looking up bugs doesn't make too much sense IMHO.
(Removing patches typically happens when updating to the next upstream
release which has the fix already included.)

Besides that - _if_ you implement that bugzilla lookup, please make it a
warning only. There might be reasons to keep a bug open even if it is
fixed in Tumbleweed, for example because you also have to do a
maintenance update for Leap.


Regards,

Christian Boltz
--
postmap: fatal: open /etc/postfix/virtual: No such file or directory
Also mal ehrlich: Was könnte diese ausgesprochen kryptische, vermutlich
streng verschlüsselte Meldung wohl bedeuten...? Erdstrahlung? Die
Illuminaten? [> Thore und Jan P. Kessler in postfix-users]



--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups