Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go: pseudoversions can refer to external commits [1.11 backport] #31195

Closed
gopherbot opened this issue Apr 1, 2019 · 2 comments
Closed
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge
Milestone

Comments

@gopherbot
Copy link

@FiloSottile requested issue #31191 to be considered for backport to the next 1.11 minor release.

@gopherbot please open backport issues for this. It is a security issue and we want to make sure the entire modules ecosystem will reject the external pseudoversions.

@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Apr 1, 2019
@gopherbot gopherbot added this to the Go1.11.7 milestone Apr 1, 2019
@andybons andybons modified the milestones: Go1.11.7, Go1.11.8, Go1.11.9, Go1.11.10 Apr 5, 2019
@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsFix The path to resolution is known, but the work has not been done. labels Apr 16, 2019
@julieqiu
Copy link
Member

Approving since this is a security issue. Please follow the instructions at https://github.com/golang/go/wiki/MinorReleases to create the cherrypick CL.

@julieqiu julieqiu added CherryPickApproved Used during the release process for point releases and removed CherryPickCandidate Used during the release process for point releases labels Apr 24, 2019
@rsc
Copy link
Contributor

rsc commented Apr 30, 2019

Don't cherry-pick. See my comment on #31191.

@rsc rsc closed this as completed Apr 30, 2019
@golang golang locked and limited conversation to collaborators Apr 29, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge
Projects
None yet
Development

No branches or pull requests

5 participants