Sourceware mitigating and preventing the next xz-backdoor

Mark Wielaard mark@klomp.org
Thu Apr 4 10:48:11 GMT 2024


Hi,

On Wed, 2024-04-03 at 08:42 -0600, Jeff Law wrote:
> On 4/3/24 8:04 AM, Tom Tromey wrote:
> > > > > > > "Florian" == Florian Weimer <fweimer@redhat.com> writes:
> > 
> > Florian> Everyone still pushes their own patches, and there are no
> > Florian> technical countermeasures in place to ensure that the pushed version is
> > Florian> the reviewed version.
> > 
> > This is a problem for gdb as well.
> > 
> > Probably we should switch to some kind of pull-request model, where
> > patches can only be landed via the UI, after sufficient review; and
> > where all generated files are regenerated by the robot before checkin.
> > (Or alternatively some CI runs and rejects patches where they don't
> > match.)
> I'd very much prefer to move to a pull-request model.

Do you need any infrastructure updates to help (experiment) with that?
Now would be a great time to request some updates to patchwork or get
us to resurrect the gerrit server if that would be helpful.

We just published the Sourceware 2024 infrastructure plan:
https://inbox.sourceware.org/20240325095827.GI5673@gnu.wildebeest.org/
Setting priorities for the infrastructure for 2024 (and beyond). We are
just now scheduling and budgeting that work. So please get your
requests in.

Cheers,

Mark
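As an added example, not code from this thread or from Sourceware's own infrastructure, here is a POSIX shell sketch of the CI gate Tom describes above: regenerate the generated files in a scratch copy of the tree and reject the change if the committed copies do not match. The function name, its arguments, and the sed-based regeneration command used in the demo are assumptions made for illustration; an autotools tree would pass a real regeneration command such as `autoreconf -fi` instead.

```shell
#!/bin/sh
# Added example: regenerate generated files in a scratch copy and fail when the
# checked-in copies differ. Nothing here is from the thread or from Sourceware.
#
# check_generated TREE REGEN_CMD FILE...
#   TREE      : directory holding the checked-in sources (constructed in the demo)
#   REGEN_CMD : command run inside the scratch copy to regenerate outputs
#               (assumption: for autotools this would be e.g. "autoreconf -fi")
#   FILE...   : generated files, relative to TREE, that must match
# Returns 0 when every file matches its regenerated version, 1 on any mismatch,
# 2 when the scratch copy or the regeneration step itself fails.
check_generated() {
    tree=$1; regen=$2; shift 2
    scratch=$(mktemp -d) || return 2
    # Regenerate in a copy so the checked-in tree is never touched by the step.
    cp -R "$tree/." "$scratch/" || { rm -rf "$scratch"; return 2; }
    ( cd "$scratch" && sh -c "$regen" ) >/dev/null 2>&1 \
        || { rm -rf "$scratch"; return 2; }
    status=0
    for f in "$@"; do
        # Byte-for-byte comparison: any drift between what the reviewer saw and
        # what the tooling produces from the sources is a rejection.
        if ! cmp -s "$tree/$f" "$scratch/$f"; then
            echo "MISMATCH: $f differs from its regenerated output" >&2
            status=1
        fi
    done
    rm -rf "$scratch"
    return $status
}

# Demo on a constructed tree: src.in is the "source", generated is the
# committed output, and a sed substitution stands in for the real generator.
demo_tree=$(mktemp -d)
printf 'version=@VERSION@\n' > "$demo_tree/src.in"
printf 'version=1.0\n' > "$demo_tree/generated"
demo_regen="sed 's/@VERSION@/1.0/' src.in > generated"
if check_generated "$demo_tree" "$demo_regen" generated; then
    echo "generated files match regeneration"
else
    echo "generated files rejected"
fi
rm -rf "$demo_tree"
```

Any mismatch is reported per file and the function's non-zero exit is what the CI job would turn into a rejected patch; the regeneration command runs only in the scratch copy, so a passing check never modifies the tree under review.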

