From: "Daniel P. Berrangé" <berrange@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@linaro.org>
Cc: "Konstantin Kostiuk" <kkostiuk@redhat.com>,
	qemu-devel@nongnu.org, "Bin Meng" <bin.meng@windriver.com>,
	"Stefan Weil" <sw@weilnetz.de>,
	"Yonggang Luo" <luoyonggang@gmail.com>,
	"Markus Armbruster" <armbru@redhat.com>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"Peter Maydell" <peter.maydell@linaro.org>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"Thomas Huth" <thuth@redhat.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	"Michael Roth" <michael.roth@amd.com>,
	"Mauro Matteo Cascella" <mcascell@redhat.com>,
	"Yan Vugenfirer" <yvugenfi@redhat.com>,
	"Evgeny Iakovlev" <eiakovlev@linux.microsoft.com>,
	"Andrey Drobyshev" <andrey.drobyshev@virtuozzo.com>,
	"Xuzhou Cheng" <xuzhou.cheng@windriver.com>
Subject: Re: [PATCH 1/2] qga/win32: Remove change action from MSI installer
Date: Tue, 21 Feb 2023 10:17:51 +0000
Message-ID: <Y/SaT59O2hhNpmHw@redhat.com>
In-Reply-To: <790be50d-9a52-6f92-f053-ee9a4eec0a31@linaro.org>

On Tue, Feb 21, 2023 at 09:15:15AM +0100, Philippe Mathieu-Daudé wrote:
> On 20/2/23 18:41, Konstantin Kostiuk wrote:
> > resolves: rhbz#2167436
> 
> "You are not authorized to access bug #2167436."
> 
> > fixes: CVE-2023-0664
> 
> This commit description is rather scarce...
> 
> I understand you are trying to fix a CVE, but we shouldn't play
> the "security by obscurity" card. How can the community and
> distributions know this security fix is enough with the bare
> "Remove change action from MSI installer" justification?
> Can't we do better?

Yes, commit messages should always describe the problem being
solved directly. Bug trackers usually make people wade through
piles of irrelevant comments & potentially misleading blind
alleys during the back & forth of triage. The important info
needs to be distilled down and put in the commit message,
concisely describing the problem faced. Bug tracker links have
been known to bit-rot too.

The commit message needs to focus on /why/ the change was made,
much more than describing /what/ was changed.

> > Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
> > ---
> >   qga/installer/qemu-ga.wxs | 1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
> > index 51340f7ecc..feb629ec47 100644
> > --- a/qga/installer/qemu-ga.wxs
> > +++ b/qga/installer/qemu-ga.wxs
> > @@ -31,6 +31,7 @@
> >         />
> >       <Media Id="1" Cabinet="qemu_ga.$(var.QEMU_GA_VERSION).cab" EmbedCab="yes" />
> >       <Property Id="WHSLogo">1</Property>
> > +    <Property Id="ARPNOMODIFY" Value="yes" Secure="yes" />
> >       <MajorUpgrade
> >         DowngradeErrorMessage="Error: A newer version of QEMU guest agent is already installed."
> >         />
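
Review bot: The added `<Property Id="ARPNOMODIFY" Value="yes" Secure="yes" />` line has no explanation of why it is needed, either as a comment in qemu-ga.wxs or in the commit message, which carries only the two tracker references, one of them to a restricted bug. The subject says the change action is removed, while the hunk only sets a property: ARPNOMODIFY disables the Change button for the product in Add/Remove Programs. The commit message should state what the change action allows that is a problem under CVE-2023-0664 and why setting this property is sufficient, and an XML comment above the property would keep that reasoning next to the setting. It would also help to say whether the installer's other maintenance actions need the same treatment, since this hunk touches only the modify action.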

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|


