Two best options for applying a security patch directly?
Potential work flow
https://www.apache.org/dev/git.html#workflow
- Get a private fork on github ($$) where the security group could have all pull-requests that can not be seen from the outside and frequently get synched to the main repo.
- When applying the patch, apply directly into origin to avoid a pull request. One can do this using the following:
| Code Block | ||||
|---|---|---|---|---|
| ||||
git commit --author="Joe Smith <joe.smith@genericinstitution.edu>" |
When pushed, Git will have an entry for the author, as specified explicitly above, and the committer, whoever pushes in the patch.
Before the patch is ready
- Open a Security JIRA
- Unlike a typical patch that would go directly into a PR (pull request), the patch will be attached to the JIRA for review. Hence the need to apply the patch directly.