Contributors mailing list archives
contributors@odoo-community.org
Re: Procedure to create 16.0 branches
by Tecnativa. S. L., Pedro M. Baeza
> Denis could you confirm this SHA conservation could make us safe against such crafted attack commits in the middle of the missing commits that one would need to cherry-pick with the new procedure?
> This crafted commit attack thing is indeed extremely concerning...
It will be safer if the commit already resides in the prior branch when creating the new branch (and the SHA or signings will be the same). The problem is for missing commits that come after the branch creation. The only way to totally avoid this risk is to have one module per repo, and only "fork" when migrating the module, but we all know that this is impossible technically and by permission scheme.
Regards.
Reference
- Procedure to create 16.0 branches, by Acsone SA/NV, Stéphane Bidoul
- Re: Procedure to create 16.0 branches, by Akretion France., Raphaël Reverdy
- Re: Procedure to create 16.0 branches, by "Aarón Henríquez Quintana" <aaron.henriquez@forgeflow.com> - 21/07/2022 11:09:56