(In reply to Andrew McCreight [:mccr8] from comment #8) > (In reply to Nazım Can Altınova [:canova][:canaltinova on phabricator] from comment #7) > > Requesting a sec-approval just in case. Please let me know what you think. > > You don't need sec-approval except for sec-high and sec-critical bugs that affect more than Nightly. Ah, thanks. I just wanted to be sure. > > Also, ["Fixing Security Bugs"](https://firefox-source-docs.mozilla.org/bug-mgmt/processes/fixing-security-bugs.html) document mentions that I should remove the bug number from the commit message. Does it apply to sec-low as well? > > It actually says you should remove everything EXCEPT for the bug number. Please always include the bug number. I think it is better to also include a bit of a description, but nothing beyond what a reasonable person would figure out from looking at the patch. Huh, I got confused about this sentence: "Definitely don’t include the bug number in the commit message." It's here: https://searchfox.org/mozilla-central/rev/8461ad1fc943ac560414322b66de5929ef10f706/docs/bug-mgmt/processes/fixing-security-bugs.rst#117-118 But I guess that's when you need to obfuscate your code. Ok, then I will push it like this. Thank you for the answer!
Bug 1870414 Comment 10 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Andrew McCreight [:mccr8] from comment #8) > (In reply to Nazım Can Altınova [:canova][:canaltinova on phabricator] from comment #7) > > Requesting a sec-approval just in case. Please let me know what you think. > > You don't need sec-approval except for sec-high and sec-critical bugs that affect more than Nightly. Ah, thanks. I just wanted to be sure. > > Also, ["Fixing Security Bugs"](https://firefox-source-docs.mozilla.org/bug-mgmt/processes/fixing-security-bugs.html) document mentions that I should remove the bug number from the commit message. Does it apply to sec-low as well? > > It actually says you should remove everything EXCEPT for the bug number. Please always include the bug number. I think it is better to also include a bit of a description, but nothing beyond what a reasonable person would figure out from looking at the patch. Huh, I think got confused by this sentence: "Definitely don’t include the bug number in the commit message." It's here: https://searchfox.org/mozilla-central/rev/8461ad1fc943ac560414322b66de5929ef10f706/docs/bug-mgmt/processes/fixing-security-bugs.rst#117-118 But I guess that's when you need to obfuscate your code. Ok, then I will push it like this. Thank you for the answer!