... | ... | @@ -10,10 +10,10 @@ Notes from the group meeting during IETF 101: |
|
|
1. In your local repository, create a development branch and a test case branch. Branches whose names contain the string "security" anywhere in the name, or end with the string "-testcase", are *always* protected and cannot be pushed to the *isc-projects/bind9* repository. After creating these branches, optionally set the upstream to the *isc-private/bind9* repository.
|
|
|
1. While the CVE is in progress, add protection for *\*_patch\** branches and *\*_P\** tags. This can be removed after public disclosure of the CVE, and ensures we will not accidentally release code prior to the planned disclosure date.
|
|
|
1. Once the branches containing the fix(es) and the test case are complete, push them to *isc-private/bind9* for review.
|
|
|
1. Create two merge requests, one for each branch pushed in the previous step, so that they can be discussed. **Make sure that the destination branch for both of these merge requests is set to *master* in *isc-private/bind9*, not *isc-projects/bind9*.**
|
|
|
1. Update the *master* branch in *isc-projects/bind9* with a placeholder `CHANGES` note.
|
|
|
1. Create two merge requests, one for each branch pushed in the previous step, so that they can be discussed. **Make sure that the destination branch for both of these merge requests is set to *main* in *isc-private/bind9*, not *isc-projects/bind9*.**
|
|
|
1. Update the *main* branch in *isc-projects/bind9* with a placeholder `CHANGES` note.
|
|
|
1. When the fix has been reviewed, cherry-pick it into a separate branch for each fixed maintenance branch (*\*-security-\*-v9_12*, *\*-security-\*-v9_11*, etc.) These can only be pushed to *isc-private/bind9*.
|
|
|
1. As the public *master* and *v9_X* branches are updated, continually rebase the private *\*-security-\** branches.
|
|
|
1. As the public *main* and *v9_X* branches are updated, continually rebase the private *\*-security-\** branches.
|
|
|
1. After disclosure, remove the protection on *\*_patch\** branches and *\*_P\** tags. Merge *\*-security-\** branches to the relevant branches in *isc-projects/bind9*. Push the *\*_patch\** branches and *\*_P\** tags to *isc-projects/bind9*. Delete the *\*-security-\** branches from *isc-private/bind9*.
|
|
|
|
|
|
##### Maintaining supported preview branches
|
... | ... | |