Mailinglist Archive: opensuse-packaging (174 mails)

< Previous Next >
Re: [opensuse-packaging] factory-auto will start checking bnc# visibility
On Thursday 21 November 2013 15:59:53 Tomáš Chvátal wrote:

So first of all I appreciate your goal to automate bug checks. I can only
imagine that Ludwigs idea was to avoid any hints to embargoed fixes (for not
yet disclosed security issues). That actually makes sense to me and I have to
admit that I uploaded such a fix to the OBS once myself (and yes, I discovered
it and our awesome admins killed it).

So it could make sense to disallow uploading embargoed fixes to public
projects in OBS. But this would have to happen at checkin time.

Another class of non-public bugs are legal issues. For those, I have to
regularly call Ciarran myself. Most of the time, there's no need to keep them
private and our legal team opens them up. But some have to stay private for a
longer period (CC'ing Ciarran therefore).

Closely related, you could definitely check for CVE numbers. But those are
more relevant for maintenance updates rather than Factory submissions.

From a Factory reviewers perspective, we also look if the mentioned bug is
actually matching the patch (happens more often than you think) or if the
upstream-proposed patch is the same that the packager submits. We also have
contributors that haven't yet heard of [0] and provide funky spellings like
"bugzilla#123", "bnc 123", "bug 123", "#123", "bnc #123". I would love to see
those auto-declined :-)

With kind regards,
Sascha Peilicke
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg)
< Previous Next >