[openstack-dev] [stable] [infra] How to auto-generate stable release notes
Jeremy Stanley
fungi at yuggoth.org
Mon Aug 17 14:59:24 UTC 2015
On 2015-08-17 15:46:24 +0200 (+0200), Thierry Carrez wrote:
[...]
> OSSA: <YYYY-ZZZ>
> For commits that correspond to vulnerability fixes.
[...]
I don't think that's going to be feasible. Consider the sequence
with a public security vulnerability... often the OSSA number isn't
assigned until after one or more backports have been approved. With
some careful controls introduced into the VMT process we may be able
to make sure most of these get updated commit messages before they
merge, but would still need a plan to solve for the times when
backported security fixes slip in without an OSSA header in the
commit message.
--
Jeremy Stanley
More information about the OpenStack-dev
mailing list