It would be hard for a sekrit society of developers to push through any changes that aren't documented publicly; we can all see the commit stream to Git, and if there are a sudden burst of patches being committed that violate the community's agreed-upon practices for submission and review, the community can call shenanigans on the person(s) doing the commits. In the case of any critical security fix, it would be the Release Manager's and Release Maintainers' responsibilities to justify the change set and the deviation from standard procedure; this is probably going to be as simple as "fixes this security issue" in the commit message. Once it's committed, a more robust report can be written up somewhere and linked. I don't think we're going to encounter these kinds of security issues often, so building a complex process to handle them seems counter-productive. I'd rather spend the time just finding/fixing any such issues. -Ian On Fri, Jun 3, 2011 at 8:38 AM, Owen Leonard <oleonard@myacpl.org> wrote:
Op vrijdag 3 juni 2011 22:03:50 schreef MJ Ray:
Please, no closed list for development discussions.
We're not talking about a secret cabal of self-chosen list members (anymore). Koha now has an (informally) elected list of officers who can be on the list: Release manager, release maintainer, QA manager. Let's keep it as simple as that.
-- Owen
-- Web Developer Athens County Public Libraries http://www.myacpl.org _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Ian Walls Lead Development Specialist ByWater Solutions ALA Booth 732 Phone # (888) 900-8944 http://bywatersolutions.com ian.walls@bywatersolutions.com Twitter: @sekjal