choo121600 opened a new pull request, #124:
URL: https://github.com/apache/airflow-steward/pull/124
## Summary
Trims `security-cve-allocate` frontmatter (`description` + `when_to_use`)
from **1,197 → 813** characters.
Same principle as #103, #119, #120, #121, #122, #123: frontmatter is the
routing layer. The body already covers the title-cleanup spec, the non-PMC
relay rule, the exact `generate-cve-json --attach` invocation, and the
post-allocation reconciliation handed off to `security-issue-sync`.
Tracking: #118
## Before / after
| | before | after | Δ |
|--------------|-------:|------:|-------:|
| description | 817 | 450 | -367 |
| when_to_use | 380 | 363 | -17 |
| **total** | **1,197** | **813** | **-384** |
| budget margin | 339 | 723 | +384 |
| budget | 1,536 | 1,536 | |
The `when_to_use` shrank by only 17 chars because nearly all of it is a
literal trigger phrase or a routing skip-cue that has to stay verbatim.
## What moved where
| Detail
| Where it
lives now |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------|
| Title-cleanup spec (*"the issue title stripped of redundant `<vendor>:
<product>:`, `[ Security Report ]`, trailing version parens and similar
noise"*)
| Body Steps (CVE-ready title preparation) |
| Non-PMC relay rule (*"allocation is PMC-gated — non-PMC triagers relay to
a PMC member"*)
| Body —
replaced in frontmatter by the shorter `(PMC-gated)` flag |
| Exact CLI invocation (*"runs `generate-cve-json --attach` to embed the
paste-ready JSON in the body"*)
| Body
Steps |
| Sync post-conditions (*"(milestone, assignee, reporter drafts, fix-PR
state) now that the CVE landing is complete"*)
|
`security-issue-sync`'s own frontmatter / body |
| Comment-collapsing detail (*"collapsed status-change comment"* →
*"status-change comment"*)
| Body Steps (status-change comment formatting) |
The trimmed `description` still names every routing-relevant artefact (`ASF
Vulnogram allocation URL`, `CVE-ready title`, *CVE tool link* field, `cve
allocated` label, paste-ready CVE JSON, `security-issue-sync` handoff) so user
phrasings like *"open the Vulnogram form for NNN"*, *"add the cve-allocated
label"*, or *"generate the CVE JSON"* still route here.
## Trigger-phrase preservation
Every literal trigger phrase from the original `when_to_use` is preserved
verbatim:
- `"allocate a CVE for NNN"`
- `"open the ASF CVE tool for NNN"`
- `"time to allocate NNN"`
- `(process step 6)`
Skip cues preserved:
- `before the valid/invalid decision has landed` (was *"has been landed"* —
passive-voice variant; the matchable substring `valid/invalid decision` is
verbatim)
- `trackers that already carry a CVE ID in their *CVE tool link* body field`
(verbatim)
The `(PMC-gated)` flag is a one-word stand-in for the original parenthetical
*"allocation is PMC-gated — non-PMC triagers relay to a PMC member"* — the
routing distinction survives; the implementation detail of the relay flow lives
in the body.
Routing recall does not regress.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
