On 10/26/2012 07:04 PM, Erik Erlandson wrote:
On Fri, 2012-10-26 at 15:33 -0400, Matthew Farrellee wrote:

Outstanding -
. ability to notify upon illegal actions (devel -> stable merges)
. interaction with security embargo policy (waiting to see the policy)
.. security patches should not be published during embargo

I haven't played with these at all, but they look like they may be useful at addressing some technical issues:

Every GitHub repo has the option to communicate with a web server whenever the repo is pushed to. These "WebHooks" can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server.
https://help.github.com/articles/post-receive-hooks
The thought for notification of illegal actions is to set up a listener service that receives a "WebHook" and runs a version of /p/condor/repository/CONDOR_SRC.git/hooks/update that sends email notification to reduce the time between an illegal action and its remedy.
Right now the only illegal action is merging devel to stable.
It seems to me that hosting embargoed security patches in a github environment would require a private repo. No particular technical problem there, but private repos cost money.
The notion that embargoed patches can be pushed to the private repo in /p/condor/repository/CONDOR_SRC.git still exists. We discovered it is a broken notion during the previous security embargo. Once the broken notion is gone, the http://condor-git.cs.wisc.edu/ can be the same as CONDOR_SRC.git and the same as the github.com repo. Effectively, CONDOR_SRC.git won't be special from a content perspective.
Best, matt
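
The check such a listener could run on each push notification, as an added example that is not part of the original thread and is not the project's update hook. It assumes branches named stable and devel, reads the `ref`, `before` and `after` fields of a GitHub push payload, and uses a constructed parent map in place of querying the repository.

```python
# Added example. Branch names and the commit graph are constructed assumptions.
STABLE_REF = "refs/heads/stable"

# Constructed history: child commit -> list of parent commits.
PARENTS = {
    "a0": [],            # common root
    "s1": ["a0"],        # stable work
    "s2": ["s1"],
    "d1": ["a0"],        # devel work
    "d2": ["d1", "s1"],  # legal: stable merged into devel
    "s3": ["s2"],        # legal: ordinary fix on stable
    "m1": ["s2", "d2"],  # illegal: devel merged into stable
}


def ancestors(parents, tip):
    """Return every commit reachable from tip, tip included."""
    seen, stack = set(), [tip]
    while stack:
        commit = stack.pop()
        # Unknown ids (e.g. the all-zero "before" of a new branch) are skipped.
        if commit in seen or commit not in parents:
            continue
        seen.add(commit)
        stack.extend(parents[commit])
    return seen


def devel_commits_pushed_to_stable(parents, payload, devel_tip):
    """List devel-only commits that a push made reachable from stable.

    Heuristic: a commit is devel-only if devel's tip reaches it and the
    previous stable tip did not. An empty list means nothing to report.
    """
    if payload.get("ref") != STABLE_REF:
        return []  # only pushes to stable can violate the rule
    old_stable = ancestors(parents, payload["before"])
    introduced = ancestors(parents, payload["after"]) - old_stable
    devel_only = ancestors(parents, devel_tip) - old_stable
    return sorted(introduced & devel_only)


if __name__ == "__main__":
    push = {"ref": STABLE_REF, "before": "s2", "after": "m1"}
    print(devel_commits_pushed_to_stable(PARENTS, push, "d2"))
```

A non-empty result is what the listener would put in the notification email.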