Hi Laszlo, Thanks the comments.
Best Regards! Jiaxin > -----Original Message----- > From: Laszlo Ersek <ler...@redhat.com> > Sent: Wednesday, October 9, 2019 11:55 PM > To: devel@edk2.groups.io; Wang, Jian J <jian.j.w...@intel.com>; Wu, Jiaxin > <jiaxin...@intel.com>; David Woodhouse <dw...@infradead.org>; Bret > Barkelew <bret.barke...@microsoft.com> > Subject: Re: [edk2-devel] [PATCH v1 0/4] Support HTTPS HostName > validation feature(CVE-2019-14553) > > On 10/01/19 01:21, Laszlo Ersek wrote: > > On 09/29/19 08:09, Wang, Jian J wrote: > >> For this patch series, > >> 1. " Contributed-under: TianoCore Contribution Agreement 1.1" is not > needed any more. > >> Remove it at push time and no need to send a v2. > >> 2. Since it's security patch which had been reviewed separately, I see no > reason for new r-b > >> required. Please raise it asap if any objections. > >> 3. Acked-by: Jian J Wang <jian.j.w...@intel.com> > > > > > > * Can you please confirm that these patches match those that we > > discussed here: > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c18 > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c19 > > To answer my own question, I've now compared the patches from those BZ > comments linked above, with the present series. Here's a list of > differences. > > (1) The subject lines now include the reference "(CVE-2019-14553)". > > This is great, *but* please be sure to insert a space character before > the opening parenthesis! (In every patch.) > > (2) The commit messages reference both the BZ and the CVE number. > > Good. > > (3) In the commit messages, the line > > Contributed-under: TianoCore Contribution Agreement 1.0 > > has been upgraded to > > Contributed-under: TianoCore Contribution Agreement 1.1 > > I think this is wrong. The lines should have been removed, due to the > SPDX adoption. Please update all the commit messages. > > (4) Copyright notice updates are gone from the patches. > > That's fine: the reason is that the underlying files have seen their > copyright notices updated, meanwhile. > > > Otherwise, the patches (code, commit messages, and feedback tags) are > identical. > > Before you push the patches (or post a v2), please fix issues (1) and (3). > > Now, regarding the other set of questions: > > > * In the BZ, David and Bret raised some questions: > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c31 > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c32 > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c35 > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c36 > > > > and > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=960#c40 > > > > The latest comment in the bug is c#41. I'm not under the impression that > > all concerns raised by David and Bret have been addressed (or > > abandoned). I'd like David and Bret to ACK the patches. > > I'll first have to process the new comments down-thread. > > Thanks > Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48684): https://edk2.groups.io/g/devel/message/48684 Mute This Topic: https://groups.io/mt/34307578/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
