Greg Knaddison - GVS wrote:
5. Once a consensus is reached, commit it to your module on cvs.security.drupal.org. Run through your normal testing procedures and make sure things look good.
I don't see how this adds much more value over:
wget http://example.com/path_to_patch patch -p0 < security_patch_revision_3.patch
But, if you and dww both really like this and want to work on it I certainly won't stand in the way. It seems lower value to me but I am not in charge of your schedules.
I'm definitely not married to it... This was just an attempt to address the criticism that it's hard to test *exactly* what the end users would be downloading once the security release is created. But you're right that patch -p0 certainly does the trick. :) Removing this step would eliminate one sync script that needs to be written, the overhead required for management of a separate CVS repository, and doesn't detract at all from the benefits of an open dialog with developer participation in fixing the actual issue itself. I'm +1 to its removal, but defer to dww since he knows a lot better than me (or probably most of us ;)) what would be involved here, and how much work it would actually cost/save. -Angie