[OpenStack-Infra] Fwd: CVE References in LPs are messed up after centos feature branch rebase

Clark Boylan cboylan at sapwetik.org
Fri Dec 13 17:17:05 UTC 2019


On Fri, Dec 13, 2019, at 8:48 AM, Saul Wold wrote:
> 
> Hello Infra team:
> 
> Apparently something got messed up with Launchpad and updating a number 
> of starlingx repos with a feature branch.
> 
> I was following the methodology of updating a feature branch with 
> changes from master via merges and I guess when I pushed that to gerrit 
> and it merged, it caused some Launchpad ugliness. See email below.
> 
> Thoughts?

I think what happened here is you merged bug fixes (in this case CVE bug fixes) from master into a feature branch. Then when you pushed that merge commit and merged it, the bot noticed that those bug fixes had merged to the feature branch and commented with those details on the bug. I believe this is "correct" behavior from the bot.

Is the issue the existence of comments like https://bugs.launchpad.net/starlingx/+bug/1844579/comments/18 on the bugs? Or is there some other metadata that is being added that I am missing?

If we don't want comments like that to appear you'd need to modify your merged trees so that bug fixes don't go from master into the feature branch. Or we'd need to come up with some rule set we can apply to the bot to filter bugs out in certain circumstances.

> 
> Thanks
> Sau!
> 
> 
> 
> -------- Forwarded Message --------
> Subject: 	CVE References in LPs are messed up after centos feature 
> branch rebase
> Date: 	Fri, 13 Dec 2019 00:30:26 +0000
> From: 	Khalil, Ghada <Ghada.Khalil at windriver.com>
> To: 	Saul Wold <sgw at linux.intel.com>
> 
> 
> 
> Hi Saul,
> 
> The CVE References in about 15 LPs are now messed up after the rebase of 
> the f-centos8 feature branch. The rebase updated a large # of launchpads 
> and somehow automatically added CVE references (from a subset of bugs) 
> to all of them. Any idea what is going on here?
> 
> Here are some examples:
> 
> https://bugs.launchpad.net/starlingx/+bug/1844579
> 
> Originally had no CVE References. Now it has 3 references.
> 
> https://bugs.launchpad.net/starlingx/+bug/1849200
> 
> Originally only had CVE-2018-15686 as a CVE Reference. Now it has all 
> the recently fixed CVEs linked to this bug.
> 
> Snapshot from the full activity log:
> 
> Here is the query that shows that all the bugs that were picked up in 
> the rebase now have CVE links:
> 
> https://bugs.launchpad.net/starlingx/+bugs?field.searchtext=&orderby=-importance&field.status%3Alist=NEW&field.status%3Alist=OPINION&field.status%3Alist=INVALID&field.status%3Alist=WONTFIX&field.status%3Alist=EXPIRED&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.status%3Alist=FIXRELEASED&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&assignee_option=any&field.assignee=&field.bug_reporter=&field.bug_commenter=&field.subscriber=&field.structural_subscriber=&field.tag=in-f-centos8&field.tags_combinator=ANY&field.has_cve.used=&field.has_cve=on&field.omit_dupes.used=&field.affects_me.used=&field.has_patch.used=&field.has_branches.used=&field.has_branches=on&field.has_no_branches.used=&field.has_no_branches=on&field.has_blueprints.used=&field.has_blueprints=on&field.has_no_blueprints.used=&field.has_no_blueprints=on&search=Search
> 
> *Ghada Khalil*, Manager, Titanium Cloud, *Wind River*
> direct 613.270.2273  skype ghada.khalil.ottawa
> 
> 350 Terry Fox Drive, Suite 200, Kanata, ON K2K 2W5
> 
> 


