Re: emacs-29 e2ac0d416b9 1/5: ; Merge from origin/emacs-28
From: Eli Zaretskii
Subject: Re: emacs-29 e2ac0d416b9 1/5: ; Merge from origin/emacs-28
Date: Sun, 19 Feb 2023 20:16:54 +0200
> From: Stefan Kangas <stefankangas@gmail.com>
> Date: Sun, 19 Feb 2023 09:31:08 -0800
> Cc: emacs-devel@gnu.org
>
> Eli Zaretskii <eliz@gnu.org> writes:
>
> >> ; Merge from origin/emacs-28
> >>
> >> The following commits were skipped:
> >>
> >> e339926272a Fix etags local command injection vulnerability
> >> 5d05ea803e9 Fixed ctags local command execute vulnerability
> >> 22fb5ff5126 Fix ruby-mode.el local command injection vulnerability
> >> (b...
> >> 807d2d5b3a7 Fix htmlfontify.el command injection vulnerability.
> >> ae9bfed50db Fix storing email into nnmail by Gnus
> >
> > Stefan, why did you merge from emacs-28 to emacs-29? I think it's a
> > mistake: who knows what this brought to the release branch.
>
> We know what this brought though? You can see the full list of changes
> with "git diff", e.g.:
>
> git diff 068b53500e24b7b..ad6c6a3a11569c4

Why would we need to eyeball all those changes now? It's a wasted
effort. We never merge to the release branch, never.

> > If the reason was etc/HISTORY, I'd prefer making that change in
> > emacs-29 by hand instead. Are there any other reasons?
>
> Yes, ChangeLog.3, and AUTHORS too.

You will recreate those as part of tarring Emacs 29 anyway, so why
merge them? And HISTORY change is a single line.

> What am I missing?

It is simply unnecessary risk, and something we never do, for very
good reasons. I'd sleep better if you'd reverted those changes on
emacs-29, and made the single change in HISTORY by hand.