public inbox for docs@lists.yoctoproject.org
From: Michael Opdenacker <michael.opdenacker@bootlin.com>
To: Roland Hieber <rhi@pengutronix.de>, docs@lists.yoctoproject.org
Cc: yocto@pengutronix.de
Subject: Re: [docs] [PATCH 1/4] contributor-guide: recipe-style-guide: add section about CVE patches
Date: Wed, 20 Sep 2023 16:11:49 +0200
Message-ID: <88d5ed59-f2bb-9472-2efb-099bc8d0ef96@bootlin.com>
In-Reply-To: <20230920100647.1038583-1-rhi@pengutronix.de>

Hi Roland

Many thanks for the update!

See my comments below...

On 20.09.23 at 12:06, Roland Hieber wrote:
> This was previously included in the OpenEmbedded wiki page [1], but was
> not ported along with the rest in commit 95c9a1e1e78bbfb82ade
> (2023-09-12, Michael Opdenacker: "contributor-guide: recipe-style-guide:
> add Upstream-Status").
>
>    [1]: https://www.openembedded.org/index.php?title=Commit_Patch_Message_Guidelines&oldid=10935
>
> Group the examples in their own sections.
>
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
> This is basically v2 of "[PATCH] contributor-guide: add docs for
> Upstream-Status patch headers", Message-Id:
> <20230919111549.997443-2-rhi@pengutronix.de>
> <https://lists.yoctoproject.org/g/docs/topic/resend_patch/101455254>
> rebased onto master-next, but since it looks so different now I made a
> new v1 patch out of it.
>
>   .../contributor-guide/recipe-style-guide.rst  | 27 ++++++++++++++++++-
>   1 file changed, 26 insertions(+), 1 deletion(-)
>
> diff --git a/documentation/contributor-guide/recipe-style-guide.rst b/documentation/contributor-guide/recipe-style-guide.rst
> index 99105179a6b9..52ab4523c49f 100644
> --- a/documentation/contributor-guide/recipe-style-guide.rst
> +++ b/documentation/contributor-guide/recipe-style-guide.rst
> @@ -321,7 +321,17 @@ the status should be changed to ``Submitted [where]``, and an additional
>   ``Signed-off-by:`` line should be added to the patch by the person claiming
>   responsibility for upstreaming.
>   
> -For example, if the patch has been submitted upstream::
> +CVE patches
> +-----------


I've got an issue with this... This makes the "CVE patches" section a 
subsection of "Patch Upstream Status".
Could you instead use?

CVE patches
===========

> +
> +In order to have a better control of vulnerabilities, patches that fix CVEs must
> +contain a *"CVE:"* tag. This tag list all CVEs fixed by the patch. If more than


s/*"CVE:"* tag/``CVE:``/
to match the way Upstream-Status was introduced

> +one CVE is fixed, separate them using spaces.
> +
> +Examples
> +--------
> +
> +Here's an example of a patch that has been submitted upstream::
>   
>      rpm: Adjusted the foo setting in bar
>   
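
Review bot: In the added "CVE patches" paragraph, "This tag list all CVEs fixed by the patch" should read "lists", and "a better control of vulnerabilities" reads more naturally as "better control of vulnerabilities". The paragraph also gives only the separator rule ("separate them using spaces"); it does not say what a single entry in the tag looks like or where in the patch header the tag goes, so the reader has to infer both from the example. Suggest adding one sentence next to the separator rule that states the form of a tag line.
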
> @@ -336,3 +346,18 @@ For example, if the patch has been submitted upstream::
>   
>   A future update can change the value to ``Accepted`` or ``Denied`` as
>   appropriate.
> +
> +This should be the header of patch that fixes CVE-2015-8370 in GRUB2::

s/of patch/of the patch/

We have a macro for CVEs:
s/CVE-2015-8370/:cve:`2015-8370`/

I know, you can't know this ;-)

> +
> +   grub2: Fix CVE-2015-8370
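
Review bot: The added lead-in "This should be the header of patch that fixes CVE-2015-8370 in GRUB2::" leaves it unclear whether it is prescriptive or illustrative. The existing example in this file is introduced with "Here's an example of a patch that has been submitted upstream::", so the same pattern would be consistent, for instance "Here's an example of a patch header that fixes CVE-2015-8370 in GRUB2::". The new text also lands directly after the sentence about changing the value to ``Accepted`` or ``Denied``, which concerns Upstream-Status, so the example ends up far from the paragraph that defines the CVE tag.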


Could you add this section to another "Examples" subsection, dedicated 
to the "CVE:" tag? This way, each section (Upstream-Status and CVE) has 
its own examples subsection, and we don't have to create an "Examples" 
section which applies only to the last two sections (a bit weird).

Thanks in advance,
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


