* Soft Feature Freeze starts now for edk2-stable202002
From: Liming Gao @ 2020-02-14 8:19 UTC
To: devel@edk2.groups.io, announce@edk2.groups.io
Cc: Guptha, Soumya K, Kinney, Michael D, Laszlo Ersek, afish@apple.com, leif.lindholm@linaro.org

Hi, all

We will enter into the Soft Feature Freeze phase. In this phase, the feature under review will not be allowed to be pushed. The patch review can continue without a break in the edk2 community.

If the patch is sent before Soft Feature Freeze, and plans to catch this stable tag, the patch contributor needs to reply to his patch and notify the edk2 community.
If the patch is sent after Soft Feature Freeze, and plans to catch this stable tag, please add the edk2-stable202002 keyword in the patch title and BZ, so the community knows this patch's target and gives feedback.

Below is the edk2-stable202002 tag planning:
https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning

Proposed Schedule
Date (00:00:00 UTC-8)   Description
2019-12-02              Beginning of development
2020-02-07              Feature Planning Freeze
2020-02-14              Soft Feature Freeze
2020-02-21              Hard Feature Freeze
2020-02-28              Release

Thanks
Liming

* Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002
From: Tim Lewis @ 2020-02-14 18:52 UTC
To: 'Liming Gao', devel, announce
Cc: 'Guptha, Soumya K', 'Kinney, Michael D', 'Laszlo Ersek', afish, leif.lindholm

Liming --

Is there any plan to list all of the security fixes related CVEs that are being checked in to the list of official features for this stable tag? We have listed the Boot Guard one.

Thanks,
Tim Lewis
CTO, Insyde Software
www.insyde.com

* Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002
From: Liming Gao @ 2020-02-17 5:20 UTC
To: Tim Lewis, devel@edk2.groups.io, announce@edk2.groups.io
Cc: Guptha, Soumya K, Kinney, Michael D, 'Laszlo Ersek', afish@apple.com, leif.lindholm@linaro.org

Tim:

There is no special list for the security fixes. All bug fixes will be found in the Bugzilla list in the stable tag wiki, such as https://github.com/tianocore/edk2/releases/tag/edk2-stable201911

Boot Guard is treated as a feature. So, it is listed in the feature planning.

Thanks
Liming

* Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002
From: Tim Lewis @ 2020-02-17 5:49 UTC
To: 'Gao, Liming', devel, announce
Cc: 'Guptha, Soumya K', 'Kinney, Michael D', 'Laszlo Ersek', afish, leif.lindholm

Liming --

Thanks for the pointer.

The reason I ask is that many users of open source projects such as EDKII scan the releases for CVE numbers in order to make sure that critical components get updated. This is due to the fact that CVEs often need to be reported to downstream users. The Bugzilla list is a little hidden, since these CVE fixes are not called out directly in the wiki page. It would be much easier if the BZ items that are related to security fixes are promoted directly to the wiki page, not just available through a BZ query.

Thanks
Tim

* Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002
From: Laszlo Ersek @ 2020-02-17 7:46 UTC
To: tim.lewis, 'Gao, Liming', devel, announce
Cc: 'Guptha, Soumya K', 'Kinney, Michael D', afish, leif.lindholm

On 02/17/20 06:49, tim.lewis@insyde.com wrote:
> Liming --
>
> Thanks for the pointer.
>
> The reason I ask is that many users of open source projects such as EDKII
> scan the releases for CVE numbers in order to make sure that critical
> components get updated. This is due to the fact that CVEs often need to be
> reported to downstream users. The Bugzilla list is a little hidden, since
> these CVE fixes are not called out directly in the wiki page. It would be
> much easier if the BZ items that are related to security fixes are promoted
> directly to the wiki page, not just available through a BZ query.

* Any commit that fixes a CVE is supposed to carry the CVE ID in its
  subject, in the git history. So if you do

  $ git log --oneline --reverse edk2-stable201911..master | grep CVE

  that should give you the list. Right now, it gives me:

  - CVE-2019-14563
  - CVE-2019-14586
  - CVE-2019-14558

* For CVE patches pending review, the mailing list can be searched
  similarly. (E.g. "posted after a certain date, plus has both "CVE" and
  "PATCH" in subject.) The pending fixes seem to be for:

  - CVE-2019-14575
  - CVE-2019-14587
  - CVE-2019-14559

(Your question is precisely why I've always asked for CVE IDs in patch
subjects.)

Thanks
Laszlo

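The history scan Laszlo describes above, as an added example that is not part of the original thread: it de-duplicates the CVE IDs found in commit subjects and checks a tracked list against them. The function names, the sample hashes and the subject wording are constructed; only the CVE IDs and the tag range syntax come from the message.

```shell
#!/bin/sh
# Added example (not from the thread): list the CVE IDs named in commit subjects.

# Read "git log --oneline" style lines on stdin and print each distinct CVE ID
# once, upper-cased and sorted. Copes with several IDs in one subject, with a
# patch series that repeats an ID, and with subjects that say "CVE" but carry
# no ID.
extract_cve_ids() {
    grep -oiE 'CVE-[0-9]{4}-[0-9]{4,}' | tr '[:lower:]' '[:upper:]' | sort -u
}

# cves_between OLD NEW: IDs in subjects of commits reachable from NEW but not
# from OLD (needs a git checkout; same range syntax as the command above).
cves_between() {
    git log --oneline --reverse "$1..$2" | extract_cve_ids
}

# cve_status ID...: read subjects on stdin and print "merged ID" or
# "missing ID" for every tracked ID given as an argument.
cve_status() {
    found=$(extract_cve_ids)
    for id in "$@"; do
        if printf '%s\n' "$found" | grep -Fxq "$id"; then
            echo "merged $id"
        else
            echo "missing $id"
        fi
    done
}

# Constructed sample input: hashes and subject wording are made up; only the
# CVE IDs are the ones quoted in the thread.
sample_subjects() {
    cat <<'EOF'
0000001 ExamplePkg/ModuleA: fix for CVE-2019-14563
0000002 ExamplePkg/ModuleB: fix for cve-2019-14586 [1/2]
0000003 ExamplePkg/ModuleB: follow-up for CVE-2019-14586 [2/2]
0000004 ExamplePkg/ModuleC: fix CVE-2019-14558, related to CVE-2019-14563
0000005 ExamplePkg: document the CVE handling process
EOF
}

# The merged IDs are reported as merged, a pending one as missing.
sample_subjects | cve_status CVE-2019-14563 CVE-2019-14586 CVE-2019-14558 CVE-2019-14575
```

In a checkout, `cves_between edk2-stable201911 master` runs the same extraction over the real history.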