Contributors mailing list archives
contributors@odoo-community.org
Browse archives
Re: Procedure to create 16.0 branches
by "Raphaël Valyi" <rvalyi@akretion.com> - 21/07/2022 05:46:01Hello,
My vote goes to the opt-in option at least unless Pedro get convinced, because going against the will of somebody processing such a large portion of the PRs would be a terrible shot in the feet.
That being said, earlier Pedro raised the concern about the possibility to craft an attack commit inside a missing commit that would be cherry-picked just like with the current way of migrating. But:
On Wed, Jul 20, 2022, 3:42 PM Roussel, Denis <notifications@odoo-community.org> wrote:
To summarize:
- commits SHA are different with current behaviour
- commits SHA are equal with proposed one
Denis could you confirm this SHA conservation could make us safe against such crafted attack commits in the middle of the missing commits that one would need to cherry-pick with the new procedure?
This crafted commit attack thing is indeed extremely concerning...
Reference
-
Procedure to create 16.0 branches
byAcsone SA/NV, Stéphane Bidoul- 20/07/2022 12:42:51 - 0-
-
-
-
Re: Procedure to create 16.0 branches
byAkretion France., Raphaël Reverdy- 21/07/2022 11:42:19 - 0 -
-
-
-
Re: Procedure to create 16.0 branches
by "Aarón Henríquez Quintana" <aaron.henriquez@forgeflow.com> - 21/07/2022 11:09:56 - 0 -
-
-
