mNo edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
For security bugs with no sec- severity rating assume the worst and follow the rules for sec-critical. If you have experience fixing security bugs you could also take a crack at rating it yourself following the [[Security_Severity_Ratings]] | For security bugs with no sec- severity rating assume the worst and follow the rules for sec-critical. If you have experience fixing security bugs you could also take a crack at rating it yourself following the [[Security_Severity_Ratings]] | ||
Core-security bug fixes should just be landed by a developer without any | Core-security bug fixes should just be landed by a developer without any | ||
explicit approval if: | explicit approval if: | ||
# The bug has a sec-low, sec-moderate, sec-other, or sec-want rating.<br>'''OR''' | # The bug has a sec-low, sec-moderate, sec-other, or sec-want rating.<br>'''OR''' | ||
# The bug is a recent regression on mozilla-central | # The bug is a recent regression on mozilla-central (this means that the specific regressing check-in has been identified on mozilla-central) | ||
This means that the developer can mark the status flags for ESR, Beta, and Aurora as "unaffected." | This means that the developer can mark the status flags for ESR, Beta, and Aurora as "unaffected." | ||
It also means that we haven't shipped anywhere public in an official release yet. | It also means that we haven't shipped anywhere public in an official release yet. | ||
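Review bot: the parenthetical added to item 2 opens with "this means", and the two unchanged sentences right after it also begin "This means that the developer can mark the status flags..." and "It also means that we haven't shipped...", so a reader can no longer tell whether those follow-on conditions belong to item 2 alone or to the whole list. Since item 2 is what lets a fix land without explicit approval, consider folding all three statements into the list item itself, for example "The bug is a recent regression on mozilla-central: the specific regressing check-in has been identified, ESR, Beta, and Aurora can be marked "unaffected", and the code has not shipped in an official release." The added text also leaves "recent" undefined; if the identified check-in plus the "unaffected" flags are the actual test, say so and drop the word.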
Line 12: | Line 11: | ||
If it meets the above criteria, check that patch in. | If it meets the above criteria, check that patch in. | ||
Otherwise, if the bug has a patch *and* is sec-high or sec-critical, the developer should set the sec-approval flag to '?' on the patch when it is ready to be checked into mozilla-central (or elsewhere if it is branch only). | Otherwise, if the bug has a patch *and* is sec-high or sec-critical, the developer should set the sec-approval flag to '?' on the patch when it is ready to be checked into mozilla-central (or elsewhere if it is branch only). | ||