[release/0.2.z] TC-2240 OSV GHSA - Ecosystem RubyGems #1285

Closed
wants to merge 5 commits into from

Collaborator

@mrizzi mrizzi commented Feb 11, 2025

@mrizzi mrizzi requested a review from dejanb February 11, 2025 14:47
Contributor

@ctron ctron left a comment

I'm against backporting by default. That turned out to be tricky with the last release. Let's just merge main into the release branch before doing a release.

Collaborator Author

mrizzi commented Feb 11, 2025

> I'm against backporting by default. That turned out to be tricky with the last release. Let's just merge main into the release branch before doing a release.

I can see the "all-in" pattern works fine in this phase when no selectivity in what to release (vs what is committed into main) is required.
But in the mid-term, how can we think about having this selectivity without it being tricky?
In the past, in other projects, we successfully used a tool that did the backport for us by simply applying two labels on the PR (opened on main branch) to-be-backported, so really pretty basic with no effort involved but with the great benefit of having selectivity to ensure project maintenance.

Could we give this tool a try in this phase to decide if it fits in this context as well?

@ctron @dejanb @jcrossley3 WDYT?

Contributor

ctron commented Feb 12, 2025

> In the past, in other projects, we successfully used a tool that did the backport for us simply applying two labels on the PR (opened on main branch) to-be-backported, so really pretty basic with no effort involved but with the great benefit of having selectivity to ensure project maintenance.
>
> Could we give this tool a try in this phase to decide if it fits in this context as well?

I'd love that.

Collaborator Author

mrizzi commented Feb 13, 2025

Merged into release/0.2.z branch when releasing trustify 0.2.4

@mrizzi mrizzi closed this Feb 13, 2025
@mrizzi mrizzi deleted the backport-TC-2240 branch February 13, 2025 13:31
3 participants