Check option for private changes on Gerrit
Description
Activity
Barak Korren June 5, 2018 at 10:39 AM
This is beginning to look like an epic - at least the Gerrit and CI aspects should probably be dealt with separately.
Sandro Bonazzola June 5, 2018 at 5:25 AM
Note that https://gerrit-review.googlesource.com/Documentation/intro-user.html#private-changes says also:
"For CI systems that must verify private changes, a special permission can be granted (View Private Changes). In that case, care should be taken to prevent the CI system from exposing secret details."
so we should research also for a jenkins plugin which allows to test such private change without exposing it.
Sandro Bonazzola June 5, 2018 at 5:21 AM
User story:
A researcher find a vulnerability in one of the oVirt packages.
A CVE is opened and an embargo date is acknowledged between researcher, oVirt package maintainer and downstream vendors.
Between report and embargo date, oVirt package maintainer must be able to push a patch to gerrit as a private patch, getting it reviewed by a restricted number of people and get it ready for being merged immediately on embargo lift, when the vulnerability will be disclosed to public, in order to issue an immediate release right after the merge.
Eyal Edri June 4, 2018 at 12:38 PM
and were the original requestors for this user story, they might help add more info.
Barak Korren June 4, 2018 at 11:36 AM
What is the use case? Can we put this in terms of a user story?
Details
Assignee
Former userFormer user(Deactivated)Reporter
Eyal EdriEyal EdriBlocked By
Until Gerrit upgrades to 2.16Priority
High
Details
Details
Assignee
Former userReporter
Eyal EdriBlocked By
Priority
High
We need an option sometimes to post private changes ( not draft ) to Gerrit,
Gerrit has support for private changes [1], we should check if its available in current version.
[1] https://gerrit-review.googlesource.com/Documentation/intro-user.html#private-changes