On Fri, 19 Feb 2021, Lennart Poettering wrote:
> On Fr, 19.02.21 18:09, Mantas Mikulėnas (graw...@gmail.com) wrote:
>
> > On Fri, Feb 19, 2021 at 4:49 PM Lennart Poettering <lenn...@poettering.net>
> > wrote:
> >
> > > On Fr, 19.02.21 09:28, Robert P. J. Day (rpj...@crashcourse.ca) wrote:
> > >
> > > > i guess i expected that the CVE identifier would be in the commit
> > > > message. anyway, time to examine ...
> > >
> > > CVEs are assigned/published long after the commits to fix the issues
> > > are made. We cannot retroactively change git commits, that's just not
> > > how this works.
> > >
> >
> > This *could* work with git notes, it seems --grep searches them as well.
>
> We used to attach security + backport info via git notes onto our
> commits, but github doesn#t show them/support them. They were
> basically invisible, noone knew they were there. Thus we eventually
> stopped doing them.
>
> If github would integrate git notes into their UI somehow this would
> be grand.
i suspect that won't happen any time soon:
https://www.quora.com/Why-does-GitHub-no-longer-support-git-notes
rday
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
