On 2015-08-17 15:46:24 +0200 (+0200), Thierry Carrez wrote: [...] > OSSA: <YYYY-ZZZ> > For commits that correspond to vulnerability fixes. [...]
I don't think that's going to be feasible. Consider the sequence with a public security vulnerability... often the OSSA number isn't assigned until after one or more backports have been approved. With some careful controls introduced into the VMT process we may be able to make sure most of these get updated commit messages before they merge, but would still need a plan to solve for the times when backported security fixes slip in without an OSSA header in the commit message. -- Jeremy Stanley __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
