On 9/10/19 7:55 AM, Dave Townsend wrote: > How often do we go back and land those tests and comments after the fix has > been in the release builds for a suitable amount of time?
I always land my tests...at some point. I don't know if everyone else adequately remembers to do so. We don't formally or systematically track this. I've argued for years that we should have something like a private repository for security fixes to allow us to actively test security patches (including their tests) without publicly exposing them. (The resulting builds would be undistributable, but they could be tested.) But it'd take a ton of infra work to have private repository/treeherder/etc. only accessible behind LDAP or something, so it's easier said than done. Personally, I just keep tests in bookmarks that I continually rebase. Eventually I'll conclude a bookmark is safely landable (where "landable" depends on how likely tests are to bitrot, how long the security issue was in place, the earliest release that received a backport, &c.) and then land it. And because each test is staring at me every time I |hg wip|, I won't lose track of them forever. Jeff _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
