Re: Codifying/Documenting Guix commit message conventions?
From: Liliana Marie Prikler
Subject: Re: Codifying/Documenting Guix commit message conventions?
Date: Sat, 29 Jun 2024 08:51:59 +0200
User-agent: Evolution 3.48.4
Hi Guix,
On Friday, 28.06.2024 at 21:11 -0400, Maxim Cournoyer wrote:
> Richard Sent <richard@freakingpenguin.com> writes:
>
> > Another one seems to be the [security fixes], [fixes CVE-...], and
> > [fixes TROVE-...] blocks added to certain header lines. What other
> > tags exist? There seems to be inconsistency here when referring to
> > multiple CVEs. For example, when a fixes tag references multiple
> > CVEs you can find.
> >
> > [fixes CVE-2020-10700, CVE-2020-10704] [5]
> > [fixes CVE-2020-3898 & CVE-2019-8842] [6]
> > [fixes CVE-2023-{28755, 28756}] [7]
>
> I think these are likely to bust the 70 characters limit for a git
> commit summary line, so perhaps we could standardize on [fixes CVE-
> XXX] for single CVEs or [security fixes] when there are more than one
> (listing the CVEs in the commit message body instead then).
I think we should use a "Fixes: [short description] <URI>" footer for
both Guix and upstream bugs, that can easily be parsed – hopefully by
both humans and machines. That would give the interested reader the
(contextual) information they need, while also leaving the main body to
a more thorough description of the patch itself.
Cheers
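
The tag and footer forms discussed in this thread, as an added example that is not part of the original message or of Guix's own tooling: a small Python parser that normalises the three multi-CVE tag spellings quoted above and extracts "Fixes: description <URI>" footers from the last paragraph of a commit message. The function names, the sample commit message, the foo package and the example.org URIs are constructed for illustration, and treating the footer description as free text is an assumption.

```python
import re

SUMMARY_LIMIT = 70  # summary-line limit mentioned in the thread
CVE_TAG = re.compile(r"\[fixes\s+(CVE-[^\]]+)\]", re.I)
# Assumed footer shape: "Fixes: free-text description <URI>"
FOOTER = re.compile(r"^Fixes:\s*(?P<desc>.*?)\s*<(?P<uri>[^<>\s]+)>\s*$")

def expand_cve_tag(body):
    """Normalise 'A, B', 'A & B' and 'CVE-YYYY-{a, b}' spellings to full IDs."""
    brace = re.fullmatch(r"(CVE-\d{4}-)\{([^}]*)\}", body.strip())
    if brace:
        return [brace.group(1) + n.strip() for n in brace.group(2).split(",")]
    return re.findall(r"CVE-\d{4}-\d+", body)

def parse_commit(message):
    """Return summary-line CVE tags, Fixes footers and a length check."""
    lines = message.strip().splitlines()
    summary = lines[0] if lines else ""
    cves = [c for m in CVE_TAG.finditer(summary)
            for c in expand_cve_tag(m.group(1))]
    fixes = []
    for line in reversed(lines[1:]):  # walk the last paragraph upwards
        if not line.strip():
            break
        m = FOOTER.match(line)
        if m:
            fixes.append((m.group("desc"), m.group("uri")))
    fixes.reverse()  # restore the order in which the footers were written
    return {"summary_too_long": len(summary) > SUMMARY_LIMIT,
            "summary_cves": cves, "fixes": fixes}

# Constructed sample: short summary, CVE details moved into footers.
SAMPLE = """gnu: foo: Update to 1.2.3 [security fixes].

* gnu/packages/foo.scm (foo): Update to 1.2.3.

Fixes: CVE-2023-28755 <https://example.org/advisory/28755>
Fixes: CVE-2023-28756 <https://example.org/advisory/28756>
"""

if __name__ == "__main__":
    print(parse_commit(SAMPLE))
```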