Hi Clark,
Sorry, I only get the archive of Infra and Ghada is not on the list, if
you can please reply to us and the list that would be great.
I think what happened here is you merged bug fixes (in this case cve bug fixes) from
master into a feature branch. Then when you pushed that merge commit and merged it, the
bot noticed that those bug fixes had merged to the feature branch and commented with
those details on the bug. I believe this is "correct" behavior from the bot.
Is there a different way to do the merge activity?
Is the issue the existence of comments like
https://bugs.launchpad.net/starlingx/+bug/1844579/comments/18 on the bugs? Or
is there some other metadata that is being added that I am missing?
Yes, that comment does not belong with that bug and because the comment
includes CVE-2019-XXXXX formating it adds the CVE References metadata also.
If we don't want comments like that to appear you'd need to modify your merged
trees so that bug fixes don't go from master into the feature branch. Or we'd
need to come up with some rule set we can apply to the bot to filter bugs out
in certain circumstances.
Modifying the merge trees would defeat the purpose of doing the merge I
think. Does this issue not affect other projects or are we yet again
doing strange operations in StarlingX ;-)! Not sure how hare it would
be to filter for feature branches.
Thanks
Sau!
On 12/13/19 8:48 AM, Saul Wold wrote:
Hello Infra team:
Apparently something got messed up with Launchpad and updating a number
of starlingx repos with a feature branch.
I was following the methodology of updating a feature branch with
changes from master via merges and I guess when I pushed that to gerrit
and it merged, it caused some Launchpad ugliness. See email below.
Thoughts?
Thanks
Sau!
-------- Forwarded Message --------
Subject: CVE References in LPs are messed up after centos feature
branch rebase
Date: Fri, 13 Dec 2019 00:30:26 +0000
From: Khalil, Ghada <ghada.kha...@windriver.com>
To: Saul Wold <s...@linux.intel.com>
Hi Saul,
The CVE References in about 15 LPs are now messed up after the rebase of
the f-centos8 feature branch. The rebase updated a large # of launchpads
and somehow automatically added CVE references (from a subset of bugs)
to all of them. Any idea what is going on here?
Here are some examples:
https://bugs.launchpad.net/starlingx/+bug/1844579
Originally had no CVE References. Now it has 3 references.
https://bugs.launchpad.net/starlingx/+bug/1849200
Originally only had CVE-2018-15686 as a CVE Reference. Now it has all
the recently fixed CVEs linked to this bug.
Snapshot from the full activity log:
Here is the query that shows that all the bugs that were picked up in
the rebase now have CVE links:
https://bugs.launchpad.net/starlingx/+bugs?field.searchtext=&orderby=-importance&field.status%3Alist=NEW&field.status%3Alist=OPINION&field.status%3Alist=INVALID&field.status%3Alist=WONTFIX&field.status%3Alist=EXPIRED&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.status%3Alist=FIXRELEASED&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&assignee_option=any&field.assignee=&field.bug_reporter=&field.bug_commenter=&field.subscriber=&field.structural_subscriber=&field.tag=in-f-centos8&field.tags_combinator=ANY&field.has_cve.used=&field.has_cve=on&field.omit_dupes.used=&field.affects_me.used=&field.has_patch.used=&field.has_branches.used=&field.has_branches=on&field.has_no_branches.used=&field.has_no_branches=on&field.has_blueprints.used=&field.has_blueprints=on&field.has_no_blueprints.used=&field.has_no_blueprints=on&search=Search
*Ghada Khalil*, Manager, Titanium Cloud, *Wind River*
direct 613.270.2273 skype ghada.khalil.ottawa
350 Terry Fox Drive, Suite 200, Kanata, ON K2K 2W5
_______________________________________________
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
