[TYPO3-v4] Suggestion: Security commit messages
Oliver Hader
oliver.hader at typo3.org
Sat Sep 17 13:31:50 CEST 2011
Hi Ernesto,
thanks for bringing up that topic.
Am 14.09.11 14:09, schrieb Ernesto Baschny [cron IT]:
> Hi,
>
> 1)
> currently our TYPO3v4 commit messages for security issues don't look
> different from regular commits. E.g. for our latest release:
>
> [BUGFIX] Disabling the cache does not work on invalid cHash value
> (Daniel Pötzinger)
>
> I would suggest to add a new flag (see [1]) called [SECURITY] to add
> some weight to these changes:
>
> [BUGFIX][SECURITY] Disabling the cache does not work on invalid cHash
> value (Daniel Pötzinger)
I agree and it totally makes sense. I've added the accordant part to the
wiki page about the Git commit messages:
http://wiki.typo3.org/CommitMessage_Format_(Git)
> 2)
> Another issue I found while re-reading the wiki page. Someone added this
> note:
>
> Note: In FLOW3 the [!!!] prefix is added at the very beginning of the
> line, so it doesn't get overlooked.
>
> Maybe we should / could also add this to our TYPO3v4 rules, so that they
> don't diverge from FLOW3, as it makes sense? We haven't had that much
> "!!!" usage anyway, since we almost never break backwards compatibility. ;)
Totally makes sense. So whenever the API is changes or also if
deprecated methods get removed (which is in fact a change of the API),
the [!!!] must be used.
> Any other suggestion around this? I would document that on the mentioned
> wiki page [1].
As mentioned, I already added the part on the security tag there.
Cheers,
Olly
--
Oliver Hader
TYPO3 v4 Core Team Leader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org
More information about the TYPO3-project-v4
mailing list