Issue metadata
Sign in to add a comment
|
Please support private changes in Polygerrit |
||||||||||||||||||||||
Issue descriptionSecurity vulnerabilities require private change support, due to the need to control the disclosure of the vulnerability and patch. It's unlikely that we'll stop having vulnerabilities in Chromium, so please support private changes in Polygerrit. Specifically, the following features in "Old UI" need to be ported or have equivalents: 1) Button to mark change as private 2) Private indicator in change title Thank you very much!
,
May 15 2017
Last, I haven't been able to get the CL through a dry run. I used "git cl try", and the "Dry Running..." button is greyed out. However, it didn't kick off any bots. I had to kick them manually by choosing them using "Try jobs / Choose try jobs". CL: https://chromium-review.googlesource.com/c/505407/
,
May 15 2017
If you upload the CL with "git cl upload --private" (just like with Rietveld), it will upload it in "Draft" mode. In this mode, it is invisible to anyone except for you and the people you explicitly add as reviewers. Here's a CL to cause git-cl-upload to not auto-CC folks from WATCHLISTS or codereview.settings when uploading in --private mode: https://chromium-review.googlesource.com/506489 We know that "Draft" mode isn't perfect. The (Draft) indicator at the top of the page isn't as noticeable as we might like, and it isn't immediately obvious that "Draft" means "Private". We're working on those. But in the mean time, it should be totally usable for private reviews. Please file a separate bug for unrelated issues around trybots not starting.
,
May 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/tools/depot_tools/+/d105249ddaa338aa8b4d090646c05102f9169f3b commit d105249ddaa338aa8b4d090646c05102f9169f3b Author: Aaron Gable <agable@chromium.org> Date: Tue May 16 21:25:45 2017 Don't add WATCHLIST CCs on private CLs Many WATCHLIST and codereview.settings files contain large public email lists, which defeats the purpose of private reviews. R=tandrii@chromium.org Bug: 721880 Change-Id: Ibb3f314f735b783e628f8cc1fc22c74e0df59f1c Reviewed-on: https://chromium-review.googlesource.com/506489 Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org> Commit-Queue: Aaron Gable <agable@chromium.org> [modify] https://crrev.com/d105249ddaa338aa8b4d090646c05102f9169f3b/git_cl.py
,
May 16 2017
With the CL above, you shouldn't have to worry about accidentally CCing public lists. I've marked this as blocked on another bug; when that bug is fixed, PolyGerrit will have frontend support for the true Private mode, and we'll be able to switch to using that instead of Drafts
,
May 16 2017
Thank you very much for working on this!
,
May 18 2017
The Gerrit issue has been merged and should be deployed soon. (Maybe this issue should be merged into gerrit:6042?) https://bugs.chromium.org/p/gerrit/issues/detail?id=6042
,
May 18 2017
Nah we'll keep this issue separate because we also need to do some git-cl-side changes once the gerrit stuff is deployed.
,
May 18 2017
Thank you for addressing this so quickly!
,
May 23 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/tools/depot_tools/+/b02daf0bf9737168491585632d9f9dd5d1c7b4a8 commit b02daf0bf9737168491585632d9f9dd5d1c7b4a8 Author: Aaron Gable <agable@chromium.org> Date: Tue May 23 20:48:53 2017 git-cl: use private instead of draft The private mode is a better fit for how we want private (e.g. security-critical) changes to be reviewed. Draft was simply a placeholder until private was ready for use, which it now is. Bug: 721880 , 722627 Change-Id: Ib7b76c555437f4ddc7ab2b0e7ce5a9f9ee8be825 Reviewed-on: https://chromium-review.googlesource.com/513243 Commit-Queue: Aaron Gable <agable@chromium.org> Reviewed-by: Andrew Bonventre <andybons@chromium.org> [modify] https://crrev.com/b02daf0bf9737168491585632d9f9dd5d1c7b4a8/git_cl.py
,
May 23 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/tools/depot_tools/+/b02daf0bf9737168491585632d9f9dd5d1c7b4a8 commit b02daf0bf9737168491585632d9f9dd5d1c7b4a8 Author: Aaron Gable <agable@chromium.org> Date: Tue May 23 20:48:53 2017 git-cl: use private instead of draft The private mode is a better fit for how we want private (e.g. security-critical) changes to be reviewed. Draft was simply a placeholder until private was ready for use, which it now is. Bug: 721880 , 722627 Change-Id: Ib7b76c555437f4ddc7ab2b0e7ce5a9f9ee8be825 Reviewed-on: https://chromium-review.googlesource.com/513243 Commit-Queue: Aaron Gable <agable@chromium.org> Reviewed-by: Andrew Bonventre <andybons@chromium.org> [modify] https://crrev.com/b02daf0bf9737168491585632d9f9dd5d1c7b4a8/git_cl.py
,
May 23 2017
Please let us know if there are other things you need from git-cl or from PolyGerrit to support private/security-critical changes. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by pwnall@chromium.org
, May 12 2017