On 2017-03-09 5:48 PM, Eric Rescorla wrote: > > > On Thu, Mar 9, 2017 at 2:43 PM, Ben Kelly <bke...@mozilla.com > <mailto:bke...@mozilla.com>> wrote: > > On Thu, Mar 9, 2017 at 5:35 PM, Mike Hommey <m...@glandium.org > <mailto:m...@glandium.org>> wrote: > > > On Thu, Mar 09, 2017 at 02:46:53PM -0500, Ehsan Akhgari wrote: > > > I review a large number of patches on a typical day, and usually I > have > > to > > > spend a fair amount of time to just understand what the patch is > doing. > > As > > > the patch author, you can do a lot to help make this easier by > *writing > > > better commit messages*. Starting now, I'm going to try out a new > > practice > > > for a while: I'm going to first review the commit message of all > patches, > > > and if I can't understand what the patch does by reading the commit > > message > > > before reading any of the code, I'll r- and ask for another version of > > the > > > patch. > > > > Sometimes, the commit message does explain what it does in a sufficient > > manner, but finding out why requires reading the bug, assuming it's > > written there. I think this information should also be in the commit > > message. > > > (Just continuing the thread here.) > > Personally I prefer looking at the bug for the full context and single > point of truth. Also, security bugs typically can't have extensive > commit > messages and moving a lot of context to commit messages might paint a > target on security patches. > > > Can't you determine that by just looking to see if the bug is visible?
Yeah, but I think Ben's main point is that for *security fixes* you aren't supposed to disclose any security sensitive information in the commit message that isn't obvious from the code change. I usually try to basically describe the code change in English, therefore not really reveal any information other than what is available in the diff itself in the commit message. At any rate, security fixes are an exception to the general rule. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
