Ferenc Kovacs tyra3l@gmail.com wrote:
> private bugs can be only accessed by the php security team and some
> security people from vendors:
> http://git.php.net/?p=web/bugs.git;a=blob;f=include/trusted-devs.php
> I think that private bugs like that should be made public after the fixed
> version release, just like others do the same:
> https://bugzilla.redhat.com/show_bug.cgi?id=964969
> usually searching for a CVE number on google works (after the fix is
> released).
Yes, they should be made public. Not doing this is a process issue. Could anybody create a script we can run during release publishing that checks all NEWS entries and checks that all bugs are public? Would be great. (Perfect would be if that script would also translate NEWS to HTML, see README.RELEASE_PROCESS for HTML requirements .. even better would be generating NEWS from commit messages ... but small steps help already)
johannes
Hi!
> Yes, they should be made public. Not doing this is a process issue.
Rather an absence-of-process issue - right now we pretty much have no
process of handling security bugs. I'm trying to do what makes sense but
sometimes things fall through the cracks - like forgetting to check all
the bugs for privacy settings...
> to HTML, see README.RELEASE_PROCESS for HTML requirements .. even
> better would be generating NEWS from commit messages ... but small
> steps help already)
NEWS from commits doesn't seem to be feasible, we tried that some time
ago but commits are way too noisy and special syntax just makes people
confused and they routinely forget to do it right. HTML from NEWS seems
to be doable though - right now it's 90% automatic, makes sense to get it
to 100%.
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
Hi!
> be great. (Perfect would be if that script would also translate NEWS
> to HTML, see README.RELEASE_PROCESS for HTML requirements .. even
Something like this: https://gist.github.com/smalyshev/5736464
If it looks good, I'll add it into phpWeb/bin.
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
Stas Malyshev smalyshev@sugarcrm.com wrote:
> Hi!
>> be great. (Perfect would be if that script would also translate NEWS
>> to HTML, see README.RELEASE_PROCESS for HTML requirements .. even
> Something like this: https://gist.github.com/smalyshev/5736464
> If it looks good, I'll add it into phpWeb/bin.
Please also add html escaping for the entry (some entries contain i.e. "->")
And then we'd need a volunteer to do the bug visibility check (bugweb/www/rpc.php or bugweb/www/rss/* might be good starting points for an API for that)
johannes
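As an added example (not the gist above and not phpweb's news2html), here is how the two requests in this message could be wired together in Python: parse NEWS entries, emit HTML with the entry escaped before bug links are inserted, and list the bug ids that a caller-supplied visibility check (e.g. a wrapper around bugweb's rpc.php) reports as private. The NEWS excerpt and bug numbers below are constructed; only the NEWS layout and the bugs.php.net bug URL are real.

```python
import html
import re

# Constructed NEWS excerpt in the php-src NEWS layout (not a real release).
SAMPLE_NEWS = """\
?? ??? ????, PHP X.Y.Z

- Core:
  . Fixed bug #10001 (Crash when calling $obj->method() on a <NULL> value).
    (Someone)
  . Fixed bug #10002 (Heap overflow in example_encode()). (Someone Else)

- Session:
  . Fixed bugs #10003 and #10004 (session_regenerate_id() edge cases). (Another)
"""

BUG_RE = re.compile(r"#(\d+)")
BUG_URL = "https://bugs.php.net/bug.php?id={}"


def parse_news(text):
    """Return [(section, entry_text)], joining wrapped continuation lines."""
    entries, section, current = [], None, None
    for line in text.splitlines():
        if line.startswith("- ") and line.endswith(":"):
            section = line[2:-1]                 # "- Core:" -> "Core"
        elif line.startswith("  . "):
            current = [section, line[4:]]        # new entry
            entries.append(current)
        elif line.startswith("    ") and current is not None:
            current[1] += " " + line.strip()     # wrapped line of the entry
    return [tuple(e) for e in entries]


def entry_to_html(entry_text):
    """Escape the whole entry first ("->" becomes "-&gt;"), then link bug ids.

    Linking after escaping is safe because the regex only matches "#" followed
    by digits, so escape sequences such as &#x27; are never rewritten."""
    escaped = html.escape(entry_text, quote=True)
    return BUG_RE.sub(
        lambda m: '<a href="{}">#{}</a>'.format(BUG_URL.format(m.group(1)), m.group(1)),
        escaped,
    )


def bug_ids(entries):
    """All distinct bug numbers referenced anywhere in the NEWS entries."""
    return sorted({int(n) for _, text in entries for n in BUG_RE.findall(text)})


def private_bugs(entries, is_public):
    """is_public: callable(bug_id) -> bool, e.g. a wrapper around bugweb's RPC."""
    return [b for b in bug_ids(entries) if not is_public(b)]
```

Run before publishing: a non-empty `private_bugs(...)` result means a NEWS entry points at a bug readers will not be able to open.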
Hi!
> Please also add html escaping for the entry (some entries contain i.e.
> "->")
Done, added it to bin/news2html on phpweb.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227