-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
Git_Security
This information is valid only for developers who have been granted access to this repository.
The git security repository is for collaboration among developers for not yet disclosed security issues. The repository is quite special:
- It is not publicly accessible.
- It will often rebase.
The repository is located at github as a private repository, you need to add it as another remote repository to your existing phpmyadmin clone.
Open terminal window, cd to your repository and add the remote one:
cd ...../phpmyadmin
git remote add security git@github.com:phpmyadmin/phpmyadmin-security.git
git remote update security
First you need to choose where you will base your patches, this should be latest stable release and we will later merge changes to QA and master branches.
For example we will work on MAINT_3_3_5 and the security patches will be in MAINT_3_3_5-security branch.
First check whether MAINT_3_3_5-security branch already exists:
git branch MAINT_3_3_5-security security/MAINT_3_3_5-security
If this fails, we should create it:
git branch MAINT_3_3_5-security origin/MAINT_3_3_5
And checkout it to work on it:
git checkout MAINT_3_3_5-security
To get latest updates of security branch, do following:
git checkout MAINT_3_3_5-security
git pull security MAINT_3_3_5-security
Once you have done some changes, you can push it to the security repo:
git push security MAINT_3_3_5-security
Once the patches are ready, you need to merge changes to main git repository.
git remote update security # update patches from security repo
git checkout MAINT_3_3_5 # change working copy to maintenance branch
git merge security/MAINT_3_3_5-security # merge security branch
Now you can publish it as usual, but most likely you will want to merge changes to other branches as well:
git checkout QA_3_3 # checkout QA branch
git merge MAINT_3_3_5 # merge changes
git checkout master # checkout master branch
git merge QA_3_3 # merge changes
Once the changes are merged, you should delete the corresponding branch in the security repository to avoid confusion when other security issues arise:
git push security :MAINT_3_3_5-security
The advisories are prepared as draft in the website administration. Once they are ready to publish, just remove the draft flag and they will appear on the website.
Popular destinations:
- Team meetings
- GSoC home
- Developer guidelines
- How to install on Debian and Ubuntu
- Issue and pull-request management
User resources: